CPU on 100% OVERLOAD!!! HELP PLZZZZ
Surtlab
Georgia
Have been having this problem for a while now.
PC started over with new owner and lost some things, recovered some things.
I've ran my virus scan.....found nothing!
I've ran my adware scan... found nothing!
Here is my AVG scan...
Here is my HTL....
Here is MY HTJ UNINSTALL...
AVG Anti-Spyware - Scan Report
+ Created at: 10:35:41 AM 5/1/2007
+ Scan result:
:mozilla.34:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 10:37:14 AM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.BALTRUS\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
END REPORT
HIGHJACK THIS LOG>>> UNINSTALL LIST
Ad-Aware SE Personal
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AVG Anti-Spyware 7.5
Blue Coat® K9 Web Protection
BroadJump Client Foundation
Busytown Uninstall
CA Internet Security Suite
CA Pest Patrol Realtime Protection
Digital Media Reader
DVD Shrink 3.2
DVD43 v3.6.2
Finding Nemo: Nemo's Underwater World of Fun
FinePixViewer Ver.4.2
FUJIFILM USB Driver
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.7
HP Photosmart Essential 2.0
HP PSC & OfficeJet 4.7
HP Software Update
ImageMixer VCD2 for FinePix
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Picture It! Premium 10
Microsoft Works
MicroStaff WINASPI
Mozilla Firefox (2.0.0.3)
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero OEM
PowerDVD
PureVoice
QuickTime
RAW FILE CONVERTER LE
Realtek AC'97 Audio
Recovery Software Suite eMachines
RegCure 1.3.0.2
RegistryFix v3.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Supportsoft Web Controls
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Hope someone can help. My CPU fans sound like a plane fixing to take off!!! NO LIE, they run at full speed constantly.
PC started over with new owner and lost some things, recovered some things.
I've ran my virus scan.....found nothing!
I've ran my adware scan... found nothing!
Here is my AVG scan...
Here is my HTL....
Here is MY HTJ UNINSTALL...
AVG Anti-Spyware - Scan Report
+ Created at: 10:35:41 AM 5/1/2007
+ Scan result:
:mozilla.34:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 10:37:14 AM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.BALTRUS\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
END REPORT
HIGHJACK THIS LOG>>> UNINSTALL LIST
Ad-Aware SE Personal
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AVG Anti-Spyware 7.5
Blue Coat® K9 Web Protection
BroadJump Client Foundation
Busytown Uninstall
CA Internet Security Suite
CA Pest Patrol Realtime Protection
Digital Media Reader
DVD Shrink 3.2
DVD43 v3.6.2
Finding Nemo: Nemo's Underwater World of Fun
FinePixViewer Ver.4.2
FUJIFILM USB Driver
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.7
HP Photosmart Essential 2.0
HP PSC & OfficeJet 4.7
HP Software Update
ImageMixer VCD2 for FinePix
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Picture It! Premium 10
Microsoft Works
MicroStaff WINASPI
Mozilla Firefox (2.0.0.3)
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero OEM
PowerDVD
PureVoice
QuickTime
RAW FILE CONVERTER LE
Realtek AC'97 Audio
Recovery Software Suite eMachines
RegCure 1.3.0.2
RegistryFix v3.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Supportsoft Web Controls
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Hope someone can help. My CPU fans sound like a plane fixing to take off!!! NO LIE, they run at full speed constantly.
0
Comments
You have a loads of programs which start when your computer starts. These are unnecessary programs on startup, so you can lessen them with HijackThis.
(run HjT.exe, klick Do system scan only, check these lines and klick Fix checked.)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
please, Boot your comp now
Panda ActiveScan
(Works only Internet Explorer)
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!
Please, send the Panda activescan report and a fresh HijackThis log
OH, by the way, the scan found a virus and disinfected it, but acidentally started scan over and it didn't find it again, don't know what it was or if it's still there.
Incident Status Location
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dad\Cookies\dad@casalemedia[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.clickbank.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default
User\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.BALTRUS\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.go.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
DON'T KNOW WHY THE PANDA SCAN COPIED LIKE ABOVE.
Logfile of HijackThis v1.99.1
Scan saved at 6:32:46 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner.BALTRUS\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [ccube_TrustList] "C:\Program Files\CA\eTrust Internet Security Suite\caunst.exe" /trustlist
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
Please do the following...
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode:Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Scan saved at 6:35:07 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.BALTRUS\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/network/install.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
END>>>>>>>>>>>>>>>>>>>>>>>
AVG Anti-Spyware - Scan Report
+ Created at: 6:23:54 PM 5/3/2007
+ Scan result:
:mozilla.41:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
::Report end
I'm also going to send two other reports following this as too long to include all in one.
Thanx
Scan done at 18:25:25.10, Thu 05/03/2007
Run from C:\Documents and Settings\Owner.BALTRUS\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E338385D-5CBF-4517-968C-5CF9E0A5FB64}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Incident Status Location
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dad\Cookies\dad@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.clickbank.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.BALTRUS\Application Data\Mozilla\Firefox\Profiles\1l7kmofe.Default User\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.BALTRUS\Cookies\owner@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.BALTRUS\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\3gn5yan7.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.go.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vxw968b3.Thomas\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
I always seem to have these same tracking cookie spyware. Avg quarantines them, my other spyware deletes them, but they are always there again.
Hope you can help this
PC before I trash it.
Surtlab
Your comp looks ok.
For the cookies problem:
download and install SpywareBlaser