
Solved: Notification tray "System alert" Balloon keeps popping up

Discussion in 'Virus & Other Malware Removal' started by Beshires1, Jan 20, 2007.

  1. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    Please look at this HTL. I need help!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:36:01 PM, on 1/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\rlvknlg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    Can't seem to get rid of NewDotNet. Other programs such as Dealio and When U Save also keep reappearing.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Run HijackThis and click Open the Misc Tools section
    Click Open Uninstall Manager, Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.
     
  3. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.9
    Adobe Stock Photos 1.0
    Age of Empires III - The WarChiefs Trial
    Avance AC'97 Audio
    AVG Free Edition
    AVIcodec (remove only)
    Belarc Advisor 7.2
    Dealio Toolbar
    Enable S3 for USB Device
    Enemy Territory 2.60 - 2.60b Patch Selector
    ET Starter Pro
    EWB DesignSuite Freeware Edition 9
    EWB Shared Components
    EWB Support and Upgrade Utility
    Form Fill (Windows Live Toolbar)
    GameSpy Arcade
    Google Toolbar for Internet Explorer
    Google Video Player
    Google Video Uploader
    HijackThis 1.99.1
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    HP OfficeJet Series 700 (Remove Only)
    IGN Download Manager 2.3.3
    Indeo® software
    J2SE Runtime Environment 5.0 Update 8
    jWorkbook
    Logitech MouseWare 9.79.1
    Logitech SetPoint
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla ActiveX Control v1.7.1
    Mozilla Firefox (2.0.0.1)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    National Instruments Software
    New.net Domains 7.48
    NI EULA Depot
    NI MDF Support
    PowerISO
    ProSavageDDR and Utilities
    Public Messenger ver 2.03
    QuickTime
    RealPlayer
    RegScrubXP 3.25
    RelevantKnowledge
    Rhapsody Player Engine
    RTLSetup
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Sansa Media Converter
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Smart Menus (Windows Live Toolbar)
    SpeedSim
    SpywareBlaster v3.5.1
    Survival
    TeamSpeak 2 RC2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Veo Digital Studio
    Veo Stingray
    WhenU SaveNow
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    WinSnap
    Wolfenstein - Enemy Territory
    Yahoo! Toolbar
     
  4. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    SmitFraudFix v2.132

    Scan done at 18:08:12.04, Sat 01/20/2007
    Run from C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

    [HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
    @="C:\WINDOWS\system32\gwquvw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
    @="C:\WINDOWS\system32\gwquvw.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
    C:\WINDOWS\system32\gwquvw.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ANTHON~1.ANT\FAVORI~1\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 6:24:12 PM, on 1/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\rlvknlg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
     
  6. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:38:27 PM 1/20/2007

    + Scan result:



    C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\Local Settings\Application Data\Mozilla\Firefox\Profiles\ikt1cewi.default\Cache(2)\5CB1B112d01 -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D123AED6C340E304988D0F6852B28775 -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Program Files\filesubmit\blackexperience.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP167\A0142751.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP167\A0143738.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146961.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146962.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0146963.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP170\A0147059.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP171\A0147261.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0185256.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0185262.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186329.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186332.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186356.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186446.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186447.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186448.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-2111687655-725345543-1004\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\filesubmit\blackexperience.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP166\A0141732.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP215\A0186331.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0186466.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners\WUSV -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP184\A0155740.exe -> Adware.Stud : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP216\A0188474.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP191\A0166900.dll -> Downloader.Small.cgu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182070.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182073.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C92B0608-A08D-4EC3-A553-F5A7888D09B3}\RP211\A0182074.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).


    ::Report end
     
  7. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 8:51:09 PM, on 1/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\rlvknlg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to Add/Remove programs and remove these:
    New.net Domains 7.48
    RelevantKnowledge
    WhenU SaveNow

    Restart the machine and post your log again.
     
  9. Beshires1

    Beshires1 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:41 AM, on 1/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ET Starter Pro\Apps\etmin.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anthony Beshires.ANTHONY-N34BTDX\My Documents\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158528709578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158528963625
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

    I think I have it clean now. What do you think?
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good to me as well. (y)



    It's a good idea to flush your System Restore after removing malware:

    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Restart the computer.

    To create a new restore point:
    • Click Start, go to All Programs, Accessories, System Tools and select System Restore.
    • In the System Restore wizard, select "Create a restore point" and click the Next button.
    • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
    • Click Create and you're done.
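
The check made in this exchange, a fresh HijackThis log posted after cleanup and compared with the earlier one, can be done mechanically. The sketch below is an added example, not part of the thread or of HijackThis; the function names and both short sample logs are constructed, with a placeholder path standing in for a removed entry.

```python
import re

# Constructed samples; C:\EXAMPLE is a placeholder for an entry removed by cleanup.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\EXAMPLE\placeholder-removed.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [placeholder] C:\EXAMPLE\placeholder-removed.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")  # "O4 - ..." lines
PROC_RE = re.compile(r"^\s*([A-Za-z]:\\.*\S)\s*$")             # process paths

def parse_log(text):
    """Map a case-insensitive (section, body) key to its line; repeats collapse."""
    entries, in_processes = {}, False
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if line.strip().lower().startswith("running processes"):
            in_processes = True
        elif m:
            in_processes = False
            entries[(m.group(1), m.group(2).casefold())] = line.strip()
        elif in_processes and PROC_RE.match(line):
            entries[("PROC", line.strip().casefold())] = line.strip()
    return entries

def diff_logs(before, after):
    """Return (removed, added): lines only in the earlier / only in the later log."""
    b, a = parse_log(before), parse_log(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added

if __name__ == "__main__":
    for label, lines in zip(("removed", "added"), diff_logs(BEFORE, AFTER)):
        print(label, *lines, sep="\n  ")
```

Entries are compared case-insensitively, so `SYSTEM32` versus `system32` is not reported as a change; 8.3 short paths such as `C:\PROGRA~1\...` are not expanded and would show up as differences against their long forms.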
     

Short URL to this thread: https://techguy.org/536898
