Solved: Notification tray "System alert" Balloon keeps popping up


Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
Please look at this HTL. I need help!

Logfile of HijackThis v1.99.1
Scan saved at 1:36:01 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

Can't seem to get rid of NewDotNet. Other programs such as Dealio and When U Save also keep reappearing.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!

Run HijackThis and click "Open the Misc Tools section".
Click "Open Uninstall Manager", then "Save list", and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Age of Empires III - The WarChiefs Trial
Avance AC'97 Audio
AVG Free Edition
AVIcodec (remove only)
Belarc Advisor 7.2
Dealio Toolbar
Enable S3 for USB Device
Enemy Territory 2.60 - 2.60b Patch Selector
ET Starter Pro
EWB DesignSuite Freeware Edition 9
EWB Shared Components
EWB Support and Upgrade Utility
Form Fill (Windows Live Toolbar)
GameSpy Arcade
Google Toolbar for Internet Explorer
Google Video Player
Google Video Uploader
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP OfficeJet Series 700 (Remove Only)
IGN Download Manager 2.3.3
Indeo® software
J2SE Runtime Environment 5.0 Update 8
jWorkbook
Logitech MouseWare 9.79.1
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla ActiveX Control v1.7.1
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
National Instruments Software
New.net Domains 7.48
NI EULA Depot
NI MDF Support
PowerISO
ProSavageDDR and Utilities
Public Messenger ver 2.03
QuickTime
RealPlayer
RegScrubXP 3.25
RelevantKnowledge
Rhapsody Player Engine
RTLSetup
S3Display
S3Gamma2
S3Info2
S3Overlay
Sansa Media Converter
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Smart Menus (Windows Live Toolbar)
SpeedSim
SpywareBlaster v3.5.1
Survival
TeamSpeak 2 RC2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Veo Digital Studio
Veo Stingray
WhenU SaveNow
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinSnap
Wolfenstein - Enemy Territory
Yahoo! Toolbar
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
SmitFraudFix v2.132

Scan done at 18:08:12.04, Sat 01/20/2007
Run from C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\gwquvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ANTHON~1.ANT\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
Logfile of HijackThis v1.99.1
Scan saved at 6:24:12 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:38:27 PM 1/20/2007

+ Scan result:



C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\Local Settings\Application Data\Mozilla\Firefox\Profiles\ikt1cewi.default\Cache(2)\5CB1B112d01 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D123AED6C340E304988D0F6852B28775 -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\blackexperience.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP167\A0142751.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP167\A0143738.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146961.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146962.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146963.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0147059.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP171\A0147261.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0185256.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0185262.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186329.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186332.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186356.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186446.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186447.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186448.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\blackexperience.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP166\A0141732.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186331.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186466.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\WUSV -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP184\A0155740.exe -> Adware.Stud : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0188474.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP191\A0166900.dll -> Downloader.Small.cgu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182070.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182073.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182074.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).


::Report end
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
Logfile of HijackThis v1.99.1
Scan saved at 8:51:09 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Go to Add/Remove programs and remove these:
New.net Domains 7.48
RelevantKnowledge
WhenU SaveNow

Restart the machine and post your log again.
 

Beshires1

Thread Starter
Joined
Jan 20, 2007
Messages
8
Logfile of HijackThis v1.99.1
Scan saved at 11:48:41 AM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ET Starter Pro\Apps\etmin.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

I think I have it clean now. What do you think?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Looks good to me as well. (y)



It's a good idea to flush your System Restore after removing malware:

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Restart the computer.

To create a new restore point:
  • Click Start, go to All Programs, Accessories, System Tools and select System Restore.
  • In the System Restore wizard, select "Create a restore point" and click the Next button.
  • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
  • Click Create and you're done.
 