Another problem???
Join Date: Jun 2005
Posts: 88
Been getting some new pop-ups. Did a HijackThis log. Please advise. Thanks
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: office.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOW
The top portion of your HJT log, which contains some important summary data, is missing from your post. Can you please run HJT again and post a full and complete log?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Originally Posted by DMR
The top portion of your HJT log, which contains some important summary data, is missing from your post. Can you please run HJT again and post a full and complete log?
Logfile of HijackThis v1.99.1
Scan saved at 5:14:09 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: office.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
OIN is definitely an unwanted guest, but I don't see any malicious components listed in your HJT log, so we'll have to try another route.
You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Open your ewido Security Suite program and use its online update feature to make sure you have the most current spyware database installed. Do not run a system scan yet, just close the program after the update completes.
2. Download and install Microsoft Antispyware beta. Open the program and do the online update as you did with ewido; again- do not run a scan yet.
3. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!
1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files
- Delete the entire content of your C:\Windows\Temp folder.
- Delete the entire content of your C:\Windows\Prefetch folder.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
5. While still in Safe Mode, run full system scans with ewido and MS Antispyware. Have them fix/remove all "nasties" that they find.
6. Reboot normally, run HJT again, and post the new log. Also post the scan result log that ewido generated.
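One way to triage the startup-related lines of a HijackThis log like the one posted above, as an added example (not part of the original thread and not a HijackThis feature): it lists processes whose image sits in a Startup folder, and Startup-folder items that are bare executables or shortcuts with no resolved target. The rule names and the `parse_log`/`triage` functions are assumptions made for this sketch; the sample is an excerpt of lines from the log in this thread, and the parser also accepts a log whose header was cut off.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str  # short reason code (names invented for this example)
    item: str  # the process path or startup item concerned


# Constructed sample: an excerpt of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: office.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "O4 - Startup: name" or "O4 - Global Startup: name = target"
O4_FOLDER_RE = re.compile(r"^(Global Startup|Startup): (.+?)(?: = (.*))?$")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif not entries and PATH_RE.match(line):
            # Bare paths before the first R/O entry are the process list,
            # even when the "Running processes:" header is missing.
            processes.append(line)
    return processes, entries


def triage(text):
    """Return startup-related items that deserve a closer look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # Startup folders normally hold shortcuts, not the running image itself.
        if STARTUP_DIR in path.lower():
            findings.append(Finding("process-runs-from-startup-folder", path))
    for code, body in entries:
        if code != "O4":
            continue
        m = O4_FOLDER_RE.match(body)
        if not m:
            continue  # registry Run/RunOnce entries are outside this sketch
        scope, item, target = m.groups()
        if not item.lower().endswith(".lnk"):
            findings.append(
                Finding("startup-folder-holds-non-shortcut", f"{scope}: {item}"))
        elif target is None or target.strip() in ("", "?"):
            findings.append(
                Finding("shortcut-target-unresolved", f"{scope}: {item}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind}: {finding.item}")
```

A hit from these rules is only a prompt to inspect the file; it is not a verdict on whether the item is malicious.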
Ewido scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:05:04 PM, 10/15/2005
+ Report-Checksum: 2ECF2500
+ Scan result:
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe -> Trojan.KillAV.ft : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\kigru.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\uninstall.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Program Files\BitLord\Downloads\Nero 7 Premium with keygen.rar/Nero 7 Premium with keygen\setup.exe -> Trojan.KillAV.ft : Cleaned with backup
C:\Program Files\buer\toes.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\nеtdde.exe -> Spyware.PurityScan : Cleaned with backup
New HJT Log:
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Did the 3 scans as requested. Cleaned up what was found.
OK- ewido found and cleaned some "unwanted guests". 
However, you are still posting incomplete HJT logs. It looks like you are cutting-n-pasting directly from the HJT report window, which doesn't display the full contents of the log file. Please use the following method to post the entire log:
Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
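The difference between the two kinds of paste discussed in the post above can be checked mechanically: the saved hijackthis.log later in this thread opens with a version banner, scan time, platform, MSIE version and a "Running processes:" heading, while the fragment pasted from the report window has none of them. The following Python is an added example, not part of the original thread and not HijackThis's own code; the function names are hypothetical and the two sample logs are shortened excerpts built from lines posted in this thread.

```python
import re
from collections import Counter

# Header lines that open the saved hijackthis.log posted later in this thread.
HEADER_PATTERNS = {
    "banner": re.compile(r"^Logfile of HijackThis v[\d.]+"),
    "scan time": re.compile(r"^Scan saved at .+, on .+"),
    "platform": re.compile(r"^Platform: .+"),
    "MSIE version": re.compile(r"^MSIE: .+"),
    "process list heading": re.compile(r"^Running processes:\s*$"),
}
# Result lines look like "O4 - HKLM\..\Run: [...]": a section code, " - ", a body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Lines of the running-process list are bare absolute Windows paths.
PROCESS_PATH = re.compile(r"^[A-Za-z]:\\.+\.\w+$")


def parse_hjt_log(text):
    """Split a pasted log into header lines, process paths, entries and leftovers."""
    header, processes, entries, other = {}, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY.match(line)
        if entry:
            entries.append((entry.group(1), entry.group(2)))
            continue
        name = next((n for n, p in HEADER_PATTERNS.items() if p.match(line)), None)
        if name:
            header[name] = line
        elif PROCESS_PATH.match(line) and not entries:
            # Only paths that precede the first entry belong to the process list.
            processes.append(line)
        else:
            other.append(line)
    return {"header": header, "processes": processes,
            "entries": entries, "other": other}


def completeness_problems(parsed):
    """Return the reasons a paste does not look like a whole saved log."""
    problems = [f"missing {name}" for name in HEADER_PATTERNS
                if name not in parsed["header"]]
    if not parsed["entries"]:
        problems.append("no result entries found")
    return problems


def section_counts(parsed):
    """Count entries per section code (R0, O2, O4, O23, ...)."""
    return dict(Counter(code for code, _ in parsed["entries"]))


# Shortened excerpt of the fragment pasted from the report window.
PASTED_FRAGMENT = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Shortened excerpt of the saved hijackthis.log.
SAVED_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:48:05 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

if __name__ == "__main__":
    for label, text in (("pasted fragment", PASTED_FRAGMENT), ("saved log", SAVED_LOG)):
        parsed = parse_hjt_log(text)
        print(label, completeness_problems(parsed) or "looks complete",
              section_counts(parsed))
```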
I don't know how I keep messing the simple part up.....
Hope this is the whole thing HJT new log....
Logfile of HijackThis v1.99.1
Scan saved at 4:48:05 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Originally Posted by sampson
I don't know how I keep messing the simple part up.....
Hope this is the whole thing HJT new log....
computer genius works 24/7. Need further help e-mail me at PeterRidgewood@aol.com And a weather tracer my blog for that is http://www.daniweb.com/blogs/blog51798.html
I don't take im's
Originally Posted by sampson
Hope this is the whole thing HJT new log....

Is OIN still in your Add/Remove Programs control panel?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.