HJT Log


8 replies to this topic

#1 OFFLINE   Nojoy

    Advanced Member

  • Members
  • 54 posts

Posted 05 May 2007 - 05:54 PM

Hey, I think something's wrong with my PC and I was hoping you guys could take a look at it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:56:03 PM, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Aidan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\ESPM\EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P33 "\\ESPM\EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 05 May 2007 - 07:29 PM

What kind of problems are you having?

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.


#3 OFFLINE   Nojoy

    Advanced Member

  • Members
  • 54 posts

Posted 05 May 2007 - 10:37 PM

All of a sudden my PC is missing memory and my PC-cillin keeps giving me warning messages.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 05, 2007 6:38:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/05/2007
Kaspersky Anti-Virus database records: 313671
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 49032
Number of viruses found: 7
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cert8.db Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\history.dat Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\key3.db Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\parent.lock Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Aidan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\History\History.IE5\MSHist012007050520070506\index.dat Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Temp\flaEC.tmp Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Temp\hsperfdata_Aidan\1312 Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Aidan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Aidan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
C:\Program Files\GDivX Zenith Player\SaveInstWm.exe Embedded CAB: infected - 5 skipped
C:\Program Files\Save\ACM.dll Object is locked skipped
C:\Program Files\Save\Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\71.tmp/stream/data0001/01.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\71.tmp/stream/data0001 Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\71.tmp/stream Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\71.tmp NSIS: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\71.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\72.tmp/stream/data0001/01.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\72.tmp/stream/data0001 Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\72.tmp/stream Infected: Packed.Win32.PolyCrypt.b skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\72.tmp NSIS: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\72.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\99.tmp/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\99.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\99.tmp CryptFF.b: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{835DD86E-969D-4C82-B474-29D4789BD0F3}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\change.log Object is locked skipped
E:\Program Files\Altnet\Download Manager\asm.exe Object is locked skipped
E:\Program Files\Altnet\Download Manager\asmps.dll Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\chandir.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\chandir.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\chn.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\chn.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\D0000000.FCS Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\inuse.txt Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\L0000005.FCS Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\main.log Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_die.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_die.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_dnd.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_dnd.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_ext.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_ext.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_rcv.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\prs_rcv.idx Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\storydb.dat Object is locked skipped
E:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aidan\Data\storydb.idx Object is locked skipped
E:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\change.log Object is locked skipped
E:\Temp\hsperfdata_Aidan\3276 Object is locked skipped
E:\Temp\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

Scan process completed.

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 06 May 2007 - 03:33 AM

Find and delete the following files:

C:\Program Files\Save\Save.exe
E:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

Then uninstall a program called GDivX Zenith Player.

Then delete the following folder:
C:\Program Files\GDivX Zenith Player
--------------

Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG antivirus but the program formerly known as Ewido.

Post the AVG log and a new HijackThis log.

#5 OFFLINE   Nojoy

    Advanced Member

  • Members
  • 54 posts

Posted 06 May 2007 - 01:27 PM

C:\Program Files\GDivX Zenith Player did not seem to exist after uninstalling GDivX Zenith Player.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:28:46 AM 06/05/2007

+ Scan result:



C:\Program Files\Save -> Adware.SaveNow : Ignored.
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Ignored.
C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206076.exe/Save.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206076.exe/SaveUninst.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206076.exe/Weather\Uninst.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206076.exe/Weather\Weather.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206082.exe -> Adware.SaveNow : Ignored.
:mozilla.114:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.46:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.47:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.48:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.49:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.10:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.35:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.98:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.78:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.156:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.157:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.158:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.159:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.160:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.161:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.162:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.163:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.164:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.165:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.20:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:30:26 AM, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\QuickTime\qttask.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\D-Link AirPlus G\AirPlus.exe
E:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
E:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE
E:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Aidan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\ESPM\EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P33 "\\ESPM\EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#6   rridgely

  • Moderators

Posted 07 May 2007 - 07:32 AM

Find and delete this folder:
C:\Program Files\Save

Download SUPERAntiSpyware
  • Load SUPERAntiSpyware and click the check for updates button.
  • Once the update is finished, click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • SUPERAntiSpyware will now scan your computer, and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
Post a SUPERAntiSpyware log and a new HijackThis log.

#7   Nojoy

  • Members

Posted 07 May 2007 - 09:25 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2007 at 04:29 PM

Application Version : 3.7.1018

Core Rules Database Version : 3232
Trace Rules Database Version: 1243

Scan type : Complete Scan
Total Scan Time : 00:29:08

Memory items scanned : 469
Memory threats detected : 0
Registry items scanned : 4191
Registry threats detected : 37
File items scanned : 28724
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Aidan\Cookies\aidan@atdmt[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@statse.webtrendslive[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@mediaplex[1].txt

Adware.WhenU
HKCR\ACM.ACMFactory
HKCR\ACM.ACMFactory\CLSID
HKCR\ACM.ACMFactory\CurVer
HKCR\ACM.ACMFactory.1
HKCR\ACM.ACMFactory.1\CLSID
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\win32
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206076.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP401\A0206082.EXE


Logfile of HijackThis v1.99.1
Scan saved at 5:25:44 PM, on 07/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\D-Link AirPlus G\AirPlus.exe
E:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Aidan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NapsterShell] E:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\ESPM\EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P33 "\\ESPM\EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#8   rridgely

  • Moderators

Posted 08 May 2007 - 06:18 PM

This log looks ok. Do all of your problems seem to be fixed?
If so, then all you need to do is clear your restore points and make a new one (instructions below).

To flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next, go to Start Menu > Run and type:

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

#9   Nojoy

  • Members

Posted 08 May 2007 - 08:10 PM

All my problems seem to be solved. Thank you.