DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Heeelp (http://www.daniweb.com/forums/thread44623.html)

gawduranidiot May 2nd, 2006 6:30 pm
Heeelp
 
I need to know if I have any spyware that AdAware isn't finding.

Here is my HJT Logfile...

Logfile of HijackThis v1.99.1
Scan saved at 4:29:53 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\F?nts\w?wexec.exe
C:\WINDOWS\PPPATC~1\dvdplay.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\winFA.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dylan's\My Documents\folders\Nokia_Multimedia_Converter_2_0\Nokia_Multimedia_Converter_2_0\MMConverter.exe
C:\Documents and Settings\Dylan's\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp2FF.tmp (file missing)
O2 - BHO: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll
O2 - BHO: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Qqxotmq] C:\WINDOWS\F?nts\w?wexec.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136671254437
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FB} - http://download.energy-factor.com/plug/dscert_652.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C745C310-98C5-45B1-B2A4-3100E822A6F0}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwrv32 - C:\WINDOWS\SYSTEM32\winwrv32.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

'Stein May 2nd, 2006 9:22 pm
Re: Heeelp
 
Welcome to Daniweb :) Hmm ya, ya definitely have some remnants of spyware that Adaware didnt clean.

Let's begin by uninstalling the following via the Add/Remove Programs:

New.net

After doing this, download LSP-Fix, and run a scan with it, fixing everything.

Next, continue by downloading Ewido Security Suite.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Now, post back here with a new HJT log, and the Ewido scan log.

Thanks.

gawduranidiot May 3rd, 2006 6:00 pm
Re: Heeelp
 
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 3:59:23 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dylan's\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O2 - BHO: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136671254437
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FB} - http://download.energy-factor.com/plug/dscert_652.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C745C310-98C5-45B1-B2A4-3100E822A6F0}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe










---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:47:40 PM, 5/3/2006
+ Report-Checksum: 358AD6DA

+ Scan result:

:mozilla.21:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\3s5d339c.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\fuaxnk6m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Program Files\FileSubmit\doughboycur.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\FileSubmit\doughboycur.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\WINDOWS\ainbfuq.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\inst_adperform.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\ilcftnvb.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\navshext1.dll -> Adware.Chiem : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\SYSTEM32\winwrv32.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\SYSTEM32\zwqw -> Worm.Randon.am : Cleaned with backup
C:\WINDOWS\SYSTEM32\аttrib.exe -> Adware.PurityScan : Cleaned with backup


::Report End

'Stein May 3rd, 2006 11:37 pm
Re: Heeelp
 
Ok, let's try uninstalling New.Net 1 more time. THis is sorta important.

Now, fix the following via HJT:

R3 - URLSearchHook: (no name) - {CCD29B07-06B7-2E37-B528-2917206870C5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
R3 - URLSearchHook: (no name) - {F9FFAB07-2B84-1B03-9818-193A10585DF5} - C:\WINDOWS\system32\ilcftnvb.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 ,ClientStartup -s
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPPATC~1\dvdplay.exe" -vt ndrv
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{C745C310-98C5-45B1-B2A4-3100E822A6F0}: NameServer = 207.69.188.185 207.69.188.186

Now, restart the computer, and post back here with a new log.

Thanks.

gawduranidiot May 4th, 2006 9:08 am
Re: Heeelp
 
Logfile of HijackThis v1.99.1
Scan saved at 7:01:33 AM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dylan's\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136671254437
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FB} - http://download.energy-factor.com/plug/dscert_652.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C745C310-98C5-45B1-B2A4-3100E822A6F0}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

'Stein May 4th, 2006 6:30 pm
Re: Heeelp
 
1 more to fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080


Also, is this the same computer that's in your other thread?

gawduranidiot May 4th, 2006 7:37 pm
Re: Heeelp
 
ya

'Stein May 4th, 2006 7:41 pm
Re: Heeelp
 
Ok, we'll just work from the other thread then.

No more posting here.


ANd ya, next time, we ask that you use only one thread.

Thanks.


All times are GMT -4. The time now is 10:51 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC