Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet going down

Started by KtC Angel of Peace , Jan 15 2007 09:35 PM

  • Please log in to reply

#1
KtC Angel of Peace
Posted 15 January 2007 - 09:35 PM

KtC Angel of Peace

    Member

  • Member
  • PipPip
  • 94 posts
To expand, when I restart my computer and connect to the internet, my internet works fine. But after say, 30 hours of being online it starts to slow down, and then it just isn't able to connect anywhere anymore. I'm using Firefox, and my internet explorer is messed up anyway, but that doesn't connect either.

However, I am still able to connect to the internet as I am able to access Trillian and everything else. For instance, just now, I exited out of firefox, went to sleep, and upon waking, it is now not able to find any servers. Yeah.... But Trillian still works!

Here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:31:35 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by KtC Angel of Peace, 16 January 2007 - 08:36 AM.

  • 0

Advertisements

#2
Technical_1
Posted 27 January 2007 - 10:51 PM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts
Hello KtC Angel of Peace and welcome to G2G's Malware Forum.

Very sorry for the delay. As your log is fairly old at this point, please rescan with Hijack This and post a new log for review.

I'll get it looked at ASAP.

:whistling:
  • 0

#3
KtC Angel of Peace
Posted 28 January 2007 - 09:50 PM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Logfile of HijackThis v1.99.1 [Relabled to Rwar]
Scan saved at 7:48:31 PM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:41:55 AM 1/27/2007

+ Scan result:



C:\Documents and Settings\Kevin Tran\Desktop\HJT\backups\backup-20061108-155814-369.dll -> Adware.Suggestor : Cleaned.
:mozilla.225:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.229:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.321:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.238:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.241:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.242:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.262:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.164:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.165:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.166:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.167:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.180:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.116:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.463:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.464:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.465:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.112:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.113:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.114:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.115:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.120:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.123:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.412:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.49:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.64:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.67:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.432:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.21:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.272:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.273:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.274:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.275:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.276:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.253:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.125:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.126:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.479:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.480:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.431:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.80:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.81:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.82:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.83:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.117:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.118:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.181:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.182:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.183:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.184:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.186:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.187:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.188:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.441:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.251:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.513:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.514:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.515:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.516:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.355:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.356:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.357:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.358:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.359:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.360:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.524:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.525:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.346:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.347:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.348:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.214:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.215:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.278:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.216:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.217:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.218:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.219:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.220:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.221:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.222:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.223:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.224:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.78:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.79:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.491:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.245:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.246:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.247:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.248:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.94:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.95:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end




SUPERAntiSpyware Scan Log
Generated 01/27/2007 at 11:35 AM

Application Version : 3.5.1016

Core Rules Database Version : 3173
Trace Rules Database Version: 1183

Scan type : Complete Scan
Total Scan Time : 00:43:04

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 5369
Registry threats detected : 0
File items scanned : 37530
File threats detected : 3

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.MovieLand/MediaPipe
C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE


If there is a problem, please tell me. S'weird why it's going on like this =P.
  • 0

#4
Technical_1
Posted 29 January 2007 - 07:56 AM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts
Some of those results indicate smitfraud. Let's run the first part of the tool to verify whether it's there or not.
  • Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlog...processutil.htm
  • Please re-open HiJackThis and scan and save a new log file.
  • Post Logs
  • Smitfraud Results
  • New Hijack This Log


  • 0

#5
KtC Angel of Peace
Posted 30 January 2007 - 08:16 AM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Here y'are =). By the way, thank you for helping me, and the many others that you have contributing your time here on Geeks to Go =).

SmitFraudFix v2.137

Scan done at 6:12:16.34, Tue 01/30/2007
Run from C:\Documents and Settings\Kevin Tran\Desktop\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin Tran


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kevin Tran\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KEVINT~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\ZipCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\meheby.html"
"SubscribedURL"=""
"FriendlyName"=""


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Logfile of HijackThis v1.99.1
Scan saved at 6:15:47 AM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#6
Technical_1
Posted 30 January 2007 - 10:24 AM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts

By the way, thank you for helping me, and the many others that you have contributing your time here on Geeks to Go =).

You're welcome. :whistling:

As you may have noticed, I have wrapped my reply to you in quotes. Seems there is a bug in the system from the server swap. Sometimes this is the only way to get a post to show. Just FYI in case it happens to you here.

Looks like there was one folder found. Let's run the second step now and get a scan in.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
  • Run Smitfraud
    • Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    • Select option #2 - Clean by typing 2 and press Enter.
    • Wait for the tool to complete and disk cleanup to finish.
    • You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
    • Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
    • A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please
      do it yourself manually.
    • The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
  • Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browserClick Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browserClick Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.
  • Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, see if you can click the icon next to the files found: Posted Image
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      Posted Image
      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • Please re-open HiJackThis and scan and save a new log file.
  • Post Logs
    • SmitFraudfix Results
    • Dr. Web CureIt Results
    • New Hijack This Log


  • 0

#7
KtC Angel of Peace
Posted 01 February 2007 - 08:26 AM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
SmitFraudFix v2.137

Scan done at 16:56:00.12, Wed 01/31/2007
Run from C:\Documents and Settings\Kevin Tran\Desktop\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Kevin Tran\Desktop\Downloads\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Kevin Tran\Desktop\Downloads\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Kevin Tran\Desktop\New Folder (2)\New Folder\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Kevin Tran\Desktop\New Folder (2)\New Folder\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.60;Incurable.Moved.;
bkf.exe;C:\Program Files\softnyx\GunboundWC;Probably DLOADER.Trojan;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;

Logfile of HijackThis v1.99.1
Scan saved at 6:22:59 AM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#8
Technical_1
Posted 01 February 2007 - 09:06 PM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts
Hello again KtC Angel of Peace.

Looks like that got smitfraud. Let's get an entry with Hijack This and get you an Anti-Virus installed.
  • Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below being careful to get only these:

    O4 - Startup: PowerReg Scheduler V3.exe

    Now close all windows other than HiJackThis, then click Fix Checked. Exit Hijack This.
  • Download, install, update and scan with one of the following free Anti-Virus Programs. Save any results for posting here along with any other requested logs.
    Choose only one Anti-Virus program.
  • Please re-open HiJackThis and scan and save a new log file.
  • Post Logs
    • Scan results from the AV you chose
    • New Hijack This Log
Are things running any better.

:whistling:
  • 0

#9
KtC Angel of Peace
Posted 11 February 2007 - 10:19 AM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Sorry, trying to figure out this firewall/virus scan thingy, I'll post as soon as I can!
  • 0

#10
KtC Angel of Peace
Posted 11 February 2007 - 10:20 AM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
And yes, things have been running better, no slowing down, and I"m able to run FF and/or IE for more than 2 days if needed =) [hugs] Thanks! =D
  • 0

Advertisements

#11
Technical_1
Posted 11 February 2007 - 06:37 PM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts
Good to hear. Post the scan results when you can along with that new Hijack This Log.

:whistling:
  • 0

#12
KtC Angel of Peace
Posted 15 February 2007 - 09:25 PM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:22:06 PM 2/15/2007

+ Scan result:



C:\System Volume Information\_restore{E39D788E-C32D-4234-BCFB-DF7D306185DA}\RP310\A0209633.dll -> Adware.Suggestor : No action taken.
:mozilla.133:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.166:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.68:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.157:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.158:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.159:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.160:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.161:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.30:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.32:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.33:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.34:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.36:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.100:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.101:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.61:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.88:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.89:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.97:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.23:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.48:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.125:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.161:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.162:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.200:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.201:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.202:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.97:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.98:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.99:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.184:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.41:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Com : No action taken.
:mozilla.22:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.64:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.109:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.110:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.213:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.214:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.215:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.216:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.127:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.128:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.91:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.92:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.129:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.28:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.29:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.17:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Overture : No action taken.
:mozilla.22:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Overture : No action taken.
:mozilla.23:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.121:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.122:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.123:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.124:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.163:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.164:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.155:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.156:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@sexlist[1].txt -> TrackingCookie.Sexlist : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.148:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin [email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.162:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.163:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.164:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.165:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.166:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.167:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.168:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.168:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.169:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.169:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.170:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.171:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.172:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.173:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.174:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.126:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.89:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Kevin Tran\Cookies\kevin tran@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : No action taken.
:mozilla.18:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.21:C:\Documents and Settings\Kevin Tran\Application Data\Mozilla\Firefox\Profiles\xgui2zsh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 7:25:08 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin Tran\Desktop\HJT\Rwar.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?54742a2a733144de8421e143a2768240
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project for LJ Talk\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#13
Technical_1
Posted 15 February 2007 - 09:32 PM

Technical_1

    Visiting Staff

  • Member
  • PipPipPip
  • 735 posts
Log looks good. :whistling:

I don't see any Anti-Virus running though. The log you posted was from AVG Anti-Spyware (it just found cookies, BTW) and this is different from the Anti-Virus. Go ahead and get an AV installed and we'll get you finished up. If you're having trouble getting the AV installed, let me know and we'll see what we can do to get you going.

:blink:
  • 0

#14
KtC Angel of Peace
Posted 15 February 2007 - 09:33 PM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Ah, so that's what that was all about. I was wondering why it didn't pick up any malware or suspected stuff like that =p
  • 0

#15
KtC Angel of Peace
Posted 16 February 2007 - 12:43 AM

KtC Angel of Peace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Alright, AVG says it's clean! Thank you! =).
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP