Join Date: Mar 2006
Posts: 50
MysticalChicken
Junior Poster in Training

Nasty-*** virus

#1
Mar 7th, 2006
Yesterday and Sunday we kept getting messages on our computer, about every, oh, half a second, "There are too many identical emails in the appointed time" or something similar. There was also a message from Avast but I can't remember what that one said, something about the connection. My mom downloaded SpyDoctor (it might be called SpywareDoctor) and when I logged on to my desktop today, the "identical email" message just kept coming, boom boom boom, so I restarted the computer and the Spy(ware?)Doctor popped up a message that said something like "Deleted 4 corrupt programs" or something, and I haven't had any of those "identical email" pop-ups in about fifteen minutes. However, this of course does not necessarily mean that I don't have any viruses anymore, so I need to know what to change/delete/etc.

PS I have no freakin' clue what a "hijack this" log is. Do I need to download it? Or is it already, so to speak, on my computer?

(Personally I think the virus was in one of the games my mom keeps downloading.)
Join Date: Jul 2005
Posts: 1,542
tayspen
Team Colleague

Re: Nasty-*** virus

#2
Mar 7th, 2006
Hi, and welcome. Let's start by downloading HijackThis. Once downloaded, unzip it to its own folder so as not to run it while it's still zipped up. Run it and click "do system scan and save log". When it's done, a Notepad document will pop up. Copy that log, and post it here.
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes

Member - Alliance of Security Analysis Professionals - Since 2006
MysticalChicken

Re: Nasty-*** virus

#3
Mar 8th, 2006
Okay, here's the HijackThis log (can't they call it something else? I keep thinking it's a bad thing).

Um. It won't paste. I can copy it, but Paste is grayed out on both the right-click menu and under Edit, and Ctrl-V doesn't work either. I am NOT going through and typing all that by hand. I can't even paste it into MS Word, either.

Okay, for some reason now I can paste it... anyway, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:48 AM, on 3/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ProDsl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kernels8.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\taskdir.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: run=,
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\MysticalChicken\My Documents\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\System32\IeHelperExVS.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Acid trust] C:\DOCUME~1\MYSTIC~1\APPLIC~1\64MFCD~1\wave new hole.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &search - http://bar.mywebsearch.com/menusearc...p=ZSXXXXXX41US
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1140587785733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140587770655
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
tayspen

Re: Nasty-*** virus

#4
Mar 8th, 2006
Well, just thought I would start by letting you know that your Internet Explorer is out of date. Second, I would suggest switching to Firefox. It provides many new features, as well as a lot more security than you will ever get out of IE.

Now on to the HJT log. You will need to boot into safe mode for these fixes, and configure Windows to show hidden folders. To do this, do the following.


1 Click the Start Button

2 In the Start menu click Control Panel

3 In the Control panel Window click the Folder Options Icon

4 The folder Options Window will now Open

5 Click the View Tab

6 In the view tab window look down the list for a section marked Hidden Files and Folders

7 Enable the option Show Hidden Files and Folders by left-clicking the radio button on the left of the option with your mouse. Then uncheck Hide protected operating system files. Click Yes on the dialog.

8 Press the Apply button

9 On the next screen press OK to exit

10 You should now be able to view the hidden files and folders.

------------------------

1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.


Let's start by having it fix these:



C:\WINDOWS\System32\taskdir.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=,


O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s

O8 - Extra context menu item: &search - http://bar.mywebsearch.com/menusear...?p=ZSXXXXXX41US Nasty

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab

O20 - AppInit_DLLs: sfklg.dll

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll

O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)



While you are still in safe mode, delete the following files (if there):

C:\WINDOWS\SYSTEM32\winm32.dll


C:\WINDOWS\System\svchost.exe


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
Empty recycle bin and reboot

Then download Ewido and scan with that in normal mode. Post the Ewido log and a fresh HJT log.
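As an added illustration (not written by either poster, and not HijackThis's own logic), the Python below applies three triage rules to a few lines taken from the log in post #3: a core Windows process name running from outside System32, any `AppInit_DLLs` value, and a Winlogon Notify registration whose file is missing. The rule names, the `triage` function and the assumption that Windows lives in `C:\WINDOWS` are choices made for this example; a hit means "review this entry", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample input: a subset of the HijackThis log posted in this thread (post #3).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
"""

# "O4 - rest of entry": section code, separator, body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First absolute path ending in an executable extension; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)

# Assumption for this example: Windows is installed in C:\WINDOWS, as in the log.
SYSTEM_DIR = r"c:\windows\system32"
# Core Windows processes that ship in System32; the same name elsewhere is worth a look.
SYSTEM32_NAMES = {
    "svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
    "csrss.exe", "smss.exe", "spoolsv.exe", "userinit.exe",
}


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    rule: str     # which triage rule fired (names are this example's own)
    entry: str    # the log entry body, unchanged


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, blank lines
        section, body = match.groups()

        # Rule 1: a core system process name in any directory other than System32.
        path = PATH_RE.search(body)
        if path:
            directory, name = ntpath.split(path.group(0).lower())
            if name in SYSTEM32_NAMES and directory != SYSTEM_DIR:
                findings.append(Finding(section, "system-name-outside-system32", body))
                continue

        if section == "O20":
            # Rule 2: DLLs named in AppInit_DLLs are loaded into every process
            # that loads user32.dll, so any value here deserves identification.
            if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
                findings.append(Finding(section, "appinit-dll", body))
            # Rule 3: a Winlogon Notify registration pointing at a file that is gone.
            elif body.startswith("Winlogon Notify:") and body.endswith("(file missing)"):
                findings.append(Finding(section, "notify-missing-file", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>3}  {finding.rule:<30} {finding.entry}")
```

The avast! and Stardock entries pass through unflagged, while the four flagged lines all appear in the fix list in post #4.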
MysticalChicken

Re: Nasty-*** virus

#5
Mar 8th, 2006
Okay, I'm not sure if I should delete palstart.exe because my mom uses PalTalk and I know she'll get p***ed off at me if I delete it.

EDIT: Also, I never use IE, only Netscape. I hate IE.

EDIT AGAIN: Okay, problem. There is no "Folder Options" icon in my Control Panel. There's an "Accessibility Options," and I clicked that, then View, but there was no "Hidden Files and Folders" section on the list. Also, I'm running Windows XP, not Windows 2000.
tayspen

Re: Nasty-*** virus

#6
Mar 8th, 2006
Have a look here.

http://www.greatis.com/appdata/d/p/palstart.exe.htm


You then decide. But when you have decided, post a new log.
MysticalChicken

Re: Nasty-*** virus

#7
Mar 8th, 2006
Okay, I discovered I had to click "Classic View" to view Folder Options... off to try it again.

EDIT: I tapped F8 a bunch of times (really fast) while the black-and-white bar (really black and gray) was on the screen, and I didn't get the Advanced Options menu. I can't find any other way to restart the computer in Safe Mode, is there one? Is it absolutely imperative that I be in Safe Mode?
Last edited by MysticalChicken; Mar 8th, 2006 at 4:14 pm. Reason: can't get into safe mode!
tayspen

Re: Nasty-*** virus

#8
Mar 8th, 2006
OK, just restart your computer, and right away start hitting F8. That should do it. If not, go ahead and do it out of safe mode.
MysticalChicken

Re: Nasty-*** virus

#9
Mar 8th, 2006
Okay, here's the Ewido log (it says it's already "cleaned" the infected files, so I don't know if I need to do anything else):

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:35:22 PM, 3/8/2006
+ Report-Checksum: 84772570

+ Scan result:

HKLM\SOFTWARE\Classes\LaunchInIE.Launch -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\S-1-5-21-842925246-884357618-682003330-1004\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
:mozilla.11:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.26:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.27:C:\Documents and Settings\GomerPyle\Application Data\Mozilla\Profiles\default\icrifx4n.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\GomerPyle\Cookies\gomerpyle@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\2716.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\2732.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\2892.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\2928.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\3036.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\3320.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\3376.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\01808300\3520.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\6.qtdfmp -> Downloader.Small.atl : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\qvxt3.game -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\GomerPyle\Local Settings\Temp\vxt4.game -> Downloader.Tiny.ba : Cleaned with backup
:mozilla.9:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.19:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.30:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.33:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.35:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.53:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.94:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.95:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.96:C:\Documents and Settings\MysticalChicken\Application Data\Mozilla\Profiles\default\b44zsjhn.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\1000.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\1988.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\2304.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\2472.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\2868.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\2940.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\304.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3132.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3216.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3260.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3288.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3312.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3320.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3432.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3468.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3504.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3536.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3624.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3668.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\3700.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\4068.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\4080.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\516.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\01808300\5564.tmp -> Hijacker.BHO.d : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\6.qtdfmp -> Downloader.Small.atl : Cleaned with backup
C:\Documents and Settings\MysticalChicken\Local Settings\Temp\vxt4.game -> Downloader.Tiny.ba : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe -> Not-A-Virus.Monitor.Win32.007SpySoft.307 : Cleaned with backup
C:\Program Files\SpySheriff -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\inet20001\3.02.00.dll -> Adware.Ihbo : Cleaned with backup
C:\WINDOWS\smss.exe -> Heuristic.Win32.HostFile : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Tiny.ba : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup
C:\WINDOWS\trebates.exe -> Adware.WebRebates : Cleaned with backup


::Report End

...and here's the new HijackThis log (EDIT: there were a few files that didn't get fixed for some reason the first time, so I fixed them. Here's the new list):

Logfile of HijackThis v1.99.1
Scan saved at 1:49:11 PM, on 3/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ProDsl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kernels8.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\taskdir.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
F2 - REG:system.ini: Shell=explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\MysticalChicken\My Documents\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\System32\IeHelperExVS.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Acid trust] C:\DOCUME~1\MYSTIC~1\APPLIC~1\64MFCD~1\wave new hole.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1140587785733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140587770655
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

EDIT: Dammit, I KNOW I fixed that "O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner -" at least three times and the damned thing won't stay fixed! :evil: There are probably a bunch of other ones that won't stay fixed, either.

EDIT AGAIN: And I know I fixed "O20: Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll" too. Also, winm32.dll is not in the System 32 folder, but it seems to keep popping up in the HJT log.
Last edited by MysticalChicken; Mar 8th, 2006 at 5:57 pm. Reason: re-post HJT log
Join Date: Jul 2005
Posts: 1,542
Reputation: tayspen is on a distinguished road
Solved Threads: 98
Team Colleague
tayspen

Re: Nasty-*** virus

#10
Mar 8th, 2006
Malware is pretty much the same as viruses/spyware. Just another term.

Now for the log.

Have it clean --


O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing) Unnecessarily

O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll


I'm not sure about these. Might want to wait for a second opinion.


O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

O4 - HKCU\..\Run: [Acid trust] C:\DOCUME~1\MYSTIC~1\APPLIC~1\64MFCD~1\wave new hole.exe

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe


Is your computer running better?
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes

Member - Alliance of Security Analysis Professionals - Since 2006
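
Added example (not part of any post in this thread, and not HijackThis's own code): a short Python triage pass over HijackThis entry lines like the ones posted above, including a check for entries that show up again after being fixed. The three flag rules and all function names are assumptions chosen for illustration; a flag means "look at this entry by hand", not "this is malicious".

```python
import re
from collections import defaultdict

# Excerpt of entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autorun entry: "<hive>\..\<key>: [value name] command"
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return (section_code, body, raw_line) for every entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"], line.strip()))
    return entries


def review(entries):
    """Return (reason, raw_line) pairs that deserve a manual look."""
    findings, by_cmd = [], defaultdict(list)
    for code, body, raw in entries:
        if body.endswith("(file missing)"):
            findings.append(("target file missing", raw))
        run = RUN.match(body) if code == "O4" else None
        if run:
            cmd = run["cmd"].strip('"')
            if "\\" not in cmd:  # bare file name, resolved via the search path
                findings.append(("autorun without a full path", raw))
            by_cmd[cmd.lower()].append(raw)
    for raws in by_cmd.values():
        if len(raws) > 1:  # one command registered under several autorun keys
            findings.extend(("same command in several autorun keys", r) for r in raws)
    return findings


def reappeared(fixed_prefixes, entries):
    """Entries in a later scan that match something already fixed earlier."""
    def norm(s):
        return " ".join(s.lower().split())
    wanted = [norm(p) for p in fixed_prefixes]
    return [raw for _, _, raw in entries
            if any(norm(raw).startswith(w) for w in wanted)]


if __name__ == "__main__":
    scan = parse_log(SAMPLE_LOG)
    for reason, raw in review(scan):
        print(f"[{reason}] {raw}")
    # The two entries the poster reports fixing more than once.
    fixed = ["O20 - Winlogon Notify: winm32",
             "O23 - Service: Windows Logon Process Service (MSWinLogonProcService)"]
    for raw in reappeared(fixed, scan):
        print(f"[back after fix] {raw}")
```

An entry that keeps coming back after a fix usually means something still running is rewriting it, so the reappearing lines are best read alongside the autorun flags from the same scan.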

©2003 - 2009 DaniWeb® LLC