
Anything wrong with my computer?


Trevor88

Technical User
Mar 8, 2007
4
CA
Hi everybody. I'm new here.

These last few days my computer has been running slower than normal, and today the worst thing happened. Anytime I did a Google search and clicked on a link (with IE) it redirected me to some nonsense websites. So I opened up my Mozilla (which was working okay) and tried to find a solution to my problem and it led me to this website.
So I looked at the other guy's thread who had the same problem as me and I downloaded and ran a bunch of programs and lucky me, my Google is working again.
But since I'm a computer-noob, can you guys please tell me if there's anything else wrong with my computer? I don't want any more weird surprises happening.

Thanks a lot.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:57:45 AM, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: (no name) - {49673228-323F-F70F-5D9C-131F6E582F01} - blank (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on pikachu] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "Auto EPSON Stylus CX3800 Series on pikachu" /O18 "\\PIKACHU\EPSONSty" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program Files\PokerTimeMPP\MPPoker.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0E85B9A6-D79E-6ECC-B801-649436B8BDAE} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -
O16 - DPF: {37D29DDC-4754-B54D-BB04-5D865235BF21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) -
O16 - DPF: {87013DDA-3A4A-4A43-B718-597151C08801} (VPlayer Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{598DFA37-3DF8-4983-B985-9BB25A9F6C83}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B7EF6A3-39D5-4915-AACB-B4FD2CE1A744}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMP License Service - SAS Institute Inc. - C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe


Thanks again.
 
Sorry if I wasn't clear.

I ALREADY FIXED the google problem. But since I have no idea how to read a HijackThis log, I was just wondering if there's ANYTHING ELSE (besides the google redirect problem) wrong with my computer?

For example, I just ran Registry Mechanic and it said I had 709 registry problems. So obviously my computer isn't in perfect shape.
I want my comp to be as clean as possible so I was just wondering if you experts could tell me if I have any problems.

Thanks
 
Running Registry Mechanic on a 'mature' PC will often throw up a lot of stuff; most of this is due to Windows' bad housekeeping and nothing to worry about. Run Registry Mechanic periodically to keep your machine clear of lost links, bad registry entries, etc.

You can check your own HijackThis log online (click here). If you are unsure about anything that the site shows, ask again here.




Steve [The sane]: Delphi a feersum engin indeed.
 
Please download FixWareout from one of these sites:




Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================
If you get an Autoexec nt error do the following

XP Fix -
Scroll down to get XP Fix

And run FixWareout again.

Hclean32.exe Fix.


I'm attaching hclean.exe, unzip it to your desktop, and doubleclick it to
enter it into the registry, say yes to allow it to merge with the registry!




Have HijackThis fix these entries. Close all browsers and programmes before
clicking FIX.



O17 - HKLM\System\CCS\Services\Tcpip\..\{598DFA37-3DF8-4983-B985-9BB25A9F6C83}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B7EF6A3-39D5-4915-AACB-B4FD2CE1A744}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61


* Go to Control Panel. If you are using Windows XP's Category View, select
the Network and Internet Connections category. If you are in Classic View,
go to the next step.

* Double-click the Network Connections icon
* Right-click the Local Area Connection icon and select Properties.
* Highlight Internet Protocol (TCP/IP) and click the Properties button.
* Be sure Obtain DNS server address automatically is selected.
* OK your way out.



* Restart your computer.


* Go to Start > Run and type in cmd.
Click OK.
Type this line in the command window:

ipconfig /flushdns

Hit Enter.






Download AVG Anti-Spyware



* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.



* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.




Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient; this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.



Reboot to normal mode and run a few online scans!



Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,



double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive, all drives, and click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.



Highlight the portion of the scan that lists infected items and hold
CTRL + C to copy, then paste it here. The whole log will be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.




Post another HijackThis log, the AVG Anti-Spyware log, the wareout log and the Mwav scan log.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
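
The O17 lines singled out in the reply above record DNS settings held in the registry, and the instructions end with every adapter set to obtain its DNS server automatically, so a clean log should carry no static `NameServer` value. As an added example (not part of the original post and not HijackThis's own code), this Python script parses O17 lines and lists each statically configured resolver with the registry keys that set it; the function names and the `expected` allowlist parameter are assumptions made for illustration.

```python
import ipaddress
import re

# O17 lines copied from the first HijackThis log in this thread.
BEFORE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{598DFA37-3DF8-4983-B985-9BB25A9F6C83}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B7EF6A3-39D5-4915-AACB-B4FD2CE1A744}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.61
"""

# The only O17 line present in the second log, posted after the fix.
AFTER = r"""
O17 - HKLM\Software\..\Telephony: DomainName =
"""

# "O17 - <registry key>: <value name> = <value>" (the value may be empty).
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) =\s*(?P<value>.*)$")


def parse_o17(log_text):
    """Return (registry_key, value_name, [values]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HijackThis shows resolvers separated by commas or by spaces.
            values = [v for v in re.split(r"[,\s]+", m["value"].strip()) if v]
            entries.append((m["key"], m["name"], values))
    return entries


def static_dns_overrides(log_text, expected=()):
    """Map each static resolver outside `expected` to the keys that set it.

    `expected` is a hypothetical allowlist of networks (CIDR strings) that
    the machine is supposed to use, for example the home router's subnet.
    """
    allowed = [ipaddress.ip_network(n) for n in expected]
    found = {}
    for key, name, values in parse_o17(log_text):
        if name != "NameServer":
            continue
        for value in values:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                # Not an IP address at all: report it for manual review.
                found.setdefault(value, []).append(key)
                continue
            if not any(addr in net for net in allowed):
                found.setdefault(str(addr), []).append(key)
    return found


def report(label, log_text, expected=()):
    """Build a short human-readable summary for one log."""
    overrides = static_dns_overrides(log_text, expected)
    lines = [f"{label}: {len(overrides)} static resolver(s) to review"]
    for addr, keys in sorted(overrides.items()):
        lines.append(f"  {addr} set in {len(keys)} registry key(s)")
        lines.extend(f"    {k}" for k in keys)
    return lines


if __name__ == "__main__":
    for label, text in (("before fix", BEFORE), ("after fix", AFTER)):
        print("\n".join(report(label, text)))
```

The same resolver pair appears under the active control set, both backup control sets and two adapter keys, which is why the reply lists every one of those lines for fixing rather than a single entry.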
 
Thanks for the help pechenegs/khazars.

The Mwav scan said that everything is alright so I'm not going to post it.

Here are the other 3 logs you requested:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:22 AM, on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PartyGaming\PartyGaming.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program Files\PokerTimeMPP\MPPoker.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0E85B9A6-D79E-6ECC-B801-649436B8BDAE} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -
O16 - DPF: {37D29DDC-4754-B54D-BB04-5D865235BF21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) -
O16 - DPF: {87013DDA-3A4A-4A43-B718-597151C08801} (VPlayer Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
O17 - HKLM\Software\..\Telephony: DomainName =
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMP License Service - SAS Institute Inc. - C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:43:13 PM 10/03/2007

+ Scan result:



C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP498\A0074268.exe -> Adware.Casino : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP498\A0074276.exe -> Adware.Casino : Cleaned.
C:\WINDOWS\system32\opnkkjg.dll -> Adware.Virtumonde : Cleaned.
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079025.exe -> Downloader.Agent.bil : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079092.dll -> Logger.Sters.ao : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079021.exe -> Not-A-Virus.Hoax.Win32.Renos.hc : Cleaned.
C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix.ar : Cleaned.
C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll~ -> Proxy.Xorpix.ar : Cleaned.
:mozilla.131:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Jane Tan\Application Data\Mozilla\Firefox\Profiles\nn45s1dc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.257:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Justin Tan\Application Data\Mozilla\Firefox\Profiles\2kkpcmut.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0080173.exe -> Trojan.DNSChanger.ik : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079015.exe -> Worm.Zhelatin.as : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079017.exe -> Worm.Zhelatin.as : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079020.exe -> Worm.Zhelatin.az : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079004.exe -> Worm.Zhelatin.bb : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079006.exe -> Worm.Zhelatin.bb : Cleaned.
C:\System Volume Information\_restore{DDA9D888-59E9-470C-8DDB-4522A24BDCD9}\RP525\A0079019.exe -> Worm.Zhelatin.bb : Cleaned.


::Report end




Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
Or
»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iRiver Updater"="C:\\Program Files\\iRiver\\iRiver Manager\\Updater\\Updater.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RegistryMechanic"=""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"TELUS Security service"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
"Auto EPSON Stylus CX3800 Series on pikachu"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P42 \"Auto EPSON Stylus CX3800 Series on pikachu\" /O18 \"\\\\PIKACHU\\EPSONSty\" /M \"Stylus CX3800\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Lexmark_X79-55"="C:\\WINDOWS\\system32\\lsasss.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


Thanks again
 
Fix these with HijackThis!

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O20 - AppInit_DLLs:




Go to this site and download these tools, and once you get both
adaware SE 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

Reboot and now run spybot.

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot, hit the
immunize button.



Download Superantispyware.



Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!



All tools can be downloaded at the link below and found on that page!

. SUPERAntiSpyware
. SpyBot search and destroy
. AdAware SE personal




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 