Help me - Here's my log

Thread Solved

#11 - imsuchawolf (Newbie Poster), Apr 19th, 2006
Re: Help me - Here's my log
okay - did the reboot on delete - here it is

Logfile of HijackThis v1.99.1
Scan saved at 5:35:10 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - https://192.168.1.25/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107046215734
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://207.101.240.245/Remote/msrdp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O17 - HKLM\Software\..\Telephony: DomainName = IDeanYoungmanCPA.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#12 - tayspen (Team Colleague), Apr 19th, 2006
Re: Help me - Here's my log
Good! It is gone. Your log looks clean. Does everything seem to be fine?
Member - Alliance of Security Analysis Professionals - Since 2006

#13 - imsuchawolf (Newbie Poster), Apr 19th, 2006
Re: Help me - Here's my log
Well, I couldn't tell I had the virus until two times where I left AIM on for a long, long time and I came back to a hundred or so IMs, but that hasn't happened recently..... My anti-virus isn't warning me anymore, so that's a good sign...... I'll re-post here if it should happen again.
Thanks a lot! I don't know who you are or why you can sit here and help people like me, but I really appreciate it.
Thanks again!

#14 - tayspen (Team Colleague), Apr 19th, 2006
Re: Help me - Here's my log
You are very welcome. I do it to fight the battle, the battle against malware.... and to help others.

#15 - 'Stein (Team Colleague), Apr 19th, 2006
Re: Help me - Here's my log
EDIT: Haha, forget it, you're clean enough lol

Alright, let's fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Alright, after doing this, reboot into safe mode. While in safe mode, delete the following file if it's there (I just wanna double check it's not still there):

C:\WINDOWS\svchost.exe

After fixing these, download Ewido (link in my sig. below). Download it, update its definitions, and run a scan. Be sure to save the scan log.

Post back here with a new HJT log and the Ewido log.

Thanks.
Now if ya like the help ya could always raise our reputation...
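The three entries singled out in this post share a shape that a script can pick out of a HijackThis log without a human reading every line: an O23 service whose binary is reported "(file missing)", and a service binary named svchost.exe that lives outside %SystemRoot%\system32 (the real one never does). The following triage helper is an added example for this thread, not code from the forum or from HijackThis; the sample log text, the `Entry` type and the flag wording are constructed here. It also marks O16 ActiveX downloads served from a bare IP address for review only, since such controls can be legitimate on a domain-joined machine like the one whose O17 lines appear above.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example for this thread; not code from the forum or from the HijackThis
project. It parses the section-coded lines (R0, O2, O4, O16, O23, ...) and
applies three defender-side checks: an O23 service whose binary is reported
"(file missing)", an O23 service whose binary is a svchost.exe outside
%SystemRoot%\\system32, and an O16 ActiveX download served from a bare IP
address (review-only, since it can be legitimate on a domain-joined machine).
"""
import re
from dataclasses import dataclass, field

# "O23 - Service: ..." / "R0 - HKCU\..." : section code, then " - ", then the body
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# http(s):// followed by a dotted quad instead of a hostname
BARE_IP_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.IGNORECASE)

# Constructed sample with the same shape as the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - https://192.168.1.25/connectcomputer/nshelp.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the section-coded entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def service_binary(body):
    """For an O23 body 'Service: name (short) - owner - path', return the path part."""
    parts = body.split(" - ")
    return parts[-1].strip() if len(parts) >= 3 else ""


def triage(entries):
    """Attach flags to suspicious entries and return only the flagged ones."""
    flagged = []
    for e in entries:
        if e.code == "O23":
            path = service_binary(e.body)
            if path.endswith("(file missing)"):
                e.flags.append("service binary missing")
            exe = path.replace("(file missing)", "").strip().strip('"').lower()
            if exe.endswith("\\svchost.exe") and not exe.endswith("\\system32\\svchost.exe"):
                e.flags.append("svchost.exe outside system32")
        elif e.code == "O16" and BARE_IP_RE.search(e.body):
            e.flags.append("ActiveX control served from a bare IP address (review)")
        if e.flags:
            flagged.append(e)
    return flagged


def report(text):
    """Human-readable summary, one block per flagged entry."""
    lines = []
    for e in triage(parse_hjt(text)):
        lines.append(f"{e.code}: {'; '.join(e.flags)}\n    {e.body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running the script on the sample prints two findings: the NSHelp control for review, and the NetDDEdsma service with both the missing-binary and the svchost-outside-system32 flags, which is exactly the entry the post above says to fix and then double-check in safe mode.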

#16 - imsuchawolf (Newbie Poster), Apr 20th, 2006
Re: Help me - Here's my log
Wow, I appreciate this. I ran ewido and it said it could not delete some of the files after the scan, and asked me if I wanted to remove the whole archive. I said yes to all of them, but a few stood out as picture29, which is the link I clicked on for the virus.... I don't know if this is a temporary internet residual or anything, but I thought I'd let you know. I did delete the three things from HijackThis that you pointed out.
This is my grandfather's computer and he hardly knows how to use the machine.... He is stressing out when things go wrong, so I think it'd be great to clean it up for him. Here's my ewido and HJT log.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:21:48 AM, 4/20/2006
+ Report-Checksum: 2C7C58B1

+ Scan result:

C:\Documents and Settings\dean\Cookies\dean@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@allstarhealth.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@hswmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\dean\Local Settings\Temporary Internet Files\Content.IE5\S9MZ0P2F\picture29[1].zip/picture29.scr -> Backdoor.SdBot.aad : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@e-2dj6wfmiqlcjogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@e-2dj6wjkyqmcpwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@e-2dj6wjkyujcjocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Cookies\dean youngman@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Local Settings\Temp\Cookies\dean youngman@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Local Settings\Temporary Internet Files\Content.IE5\OFRR24TH\photo[1].jpg -> Backdoor.Haxdoor.dw : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@shopathomeselect[2].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\HARRY BARNES\Cookies\harry barnes@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\HJT\backups\backup-20060419-231322-557.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\RECYCLER\S-1-5-21-2102674959-2206222879-2866230195-1137\Dc74.zip/picture29.scr -> Backdoor.SdBot.aad : Cleaned with backup
C:\RECYCLER\S-1-5-21-2102674959-2206222879-2866230195-1137\Dc75.bak -> Backdoor.SdBot.aad : Cleaned with backup
E:\System Volume Information\_restore{3FCFFC23-265F-49DC-9002-4650AE7CAFF1}\RP464\A0017532.exe -> Backdoor.Ncx.a : Cleaned with backup
E:\System Volume Information\_restore{3FCFFC23-265F-49DC-9002-4650AE7CAFF1}\RP465\A0017585.exe/gg.bat -> Backdoor.Wup : Cleaned with backup
E:\WINNT\system32\ncp.exe -> Backdoor.Ncx.a : Cleaned with backup
E:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@com[1].txt -> TrackingCookie.Com : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@stats3.porntrack[2].txt -> TrackingCookie.Porntrack : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@aphrodite.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@artemis.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@com[3].txt -> TrackingCookie.Com : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz3.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
E:\Documents and Settings\Dean\Cookies\dean@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
E:\Documents and Settings\Dean.IDEANYOUNGMAN\Local Settings\Temporary Internet Files\Content.IE5\KXO9E3SF\popcaploader_v6[1].spl/PopCapLoader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
E:\Documents and Settings\Dean.IDEANYOUNGMAN\Cookies\dean@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 1:22:30 AM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRAM FILES\EWIDO\EWIDOGUARD.EXE
C:\Program Files\ewido\ewidoctrl.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - https://192.168.1.25/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107046215734
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://207.101.240.245/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O17 - HKLM\Software\..\Telephony: DomainName = IDeanYoungmanCPA.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IDeanYoungmanCPA.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

thanks!
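The ewido report above mixes dozens of tracking cookies with a handful of backdoor detections, and the two helpers later disagree about what that mix means. The following summariser is an added example for this thread, not code from the forum or from ewido; the eight-line sample report is constructed from the shape of the real one, and the location labels and the `needs_follow_up` rule are this example's own. It separates detections by family and by where the file sat, so that a hit in the browser cache, the recycle bin or a System Restore point reads differently from a hit in a system directory.

```python
"""Summarise an ewido anti-malware scan report by detection family and location.

Added example for this thread; not code from the forum or from ewido.
The report has one line per hit:  <path> -> <Detection.Name> : <action>.
Tracking cookies are noise; the remaining hits are grouped by where the file
was found, because a copy in the browser cache or a restore point says
something different from a binary sitting in a system directory.
"""
import re
from collections import Counter

HIT_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")

# Coarse location labels, matched case-insensitively against the path.
LOCATION_HINTS = (
    ("\\cookies\\", "cookie store"),
    ("\\temporary internet files\\", "browser cache"),
    ("\\recycler\\", "recycle bin"),
    ("\\system volume information\\", "system restore point"),
    ("\\hjt\\backups\\", "HijackThis backup"),
)
ON_DISK = "on disk (not a cache)"

# Constructed sample: eight lines with the same shape as the report posted above.
SAMPLE_REPORT = r"""---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Scan result:

C:\Documents and Settings\dean\Cookies\dean@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dean\Cookies\dean@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\dean\Local Settings\Temporary Internet Files\Content.IE5\S9MZ0P2F\picture29[1].zip/picture29.scr -> Backdoor.SdBot.aad : Cleaned with backup
C:\Documents and Settings\Dean Youngman\Local Settings\Temporary Internet Files\Content.IE5\OFRR24TH\photo[1].jpg -> Backdoor.Haxdoor.dw : Cleaned with backup
C:\Program Files\HJT\backups\backup-20060419-231322-557.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\RECYCLER\S-1-5-21-2102674959-2206222879-2866230195-1137\Dc74.zip/picture29.scr -> Backdoor.SdBot.aad : Cleaned with backup
E:\System Volume Information\_restore{3FCFFC23-265F-49DC-9002-4650AE7CAFF1}\RP464\A0017532.exe -> Backdoor.Ncx.a : Cleaned with backup
E:\WINNT\system32\ncp.exe -> Backdoor.Ncx.a : Cleaned with backup

::Report End
"""


def parse_ewido(text):
    """Return one dict (path, name, action) per detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def family(name):
    """'Backdoor.Haxdoor.dw' -> 'Backdoor'; 'Not-A-Virus.Downloader...' -> 'Not-A-Virus'."""
    return name.split(".", 1)[0]


def location(path):
    low = path.lower()
    for needle, label in LOCATION_HINTS:
        if needle in low:
            return label
    return ON_DISK


def summarize(hits):
    """Counts per family, plus the non-cookie hits annotated with where they were found."""
    counts = Counter(family(h["name"]) for h in hits)
    serious = [
        {"name": h["name"], "location": location(h["path"]), "action": h["action"]}
        for h in hits
        if family(h["name"]) != "TrackingCookie"
    ]
    return counts, serious


def needs_follow_up(hits):
    """Non-cookie detections found outside caches, backups, bins and restore points."""
    _, serious = summarize(hits)
    return [s for s in serious if s["location"] == ON_DISK]


if __name__ == "__main__":
    counts, serious = summarize(parse_ewido(SAMPLE_REPORT))
    print(dict(counts))
    for s in serious:
        print(f"{s['name']:40} {s['location']:22} {s['action']}")
    print("follow up:", [s["name"] for s in needs_follow_up(parse_ewido(SAMPLE_REPORT))])
```

On the sample this leaves a single follow-up item, the Ncx detection in E:\WINNT\system32, which is the kind of hit a cleaned-with-backup line alone does not settle; the other backdoor hits were copies in the cache, the recycle bin and a restore point.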

#17 - tayspen (Team Colleague), Apr 20th, 2006
Re: Help me - Here's my log
Well, that is a clean log.

#18 - imsuchawolf (Newbie Poster), Apr 20th, 2006
Re: Help me - Here's my log
Thanks buddy!!!!!

#19 - 'Stein (Team Colleague), Apr 20th, 2006
Re: Help me - Here's my log
Arg, I wouldn't be so certain you're clean just yet. For one, ewido found a Haxdoor variant in its scan. Haxdoor is a very bad form of malware. It steals financial passwords and sends them to hackers.

However, I'm not saying this is the case; it's just a possibility. And with luck, DMR'll step in soon.

Until then, let's download Blacklight:

http://www.europe.f-secure.com/exclu...ght/blbeta.exe

Post back here with the blacklight log and a new HJT log.

Thanks.

#20 - tayspen (Team Colleague), Apr 20th, 2006
Re: Help me - Here's my log
Files\Content.IE5\OFRR24TH\photo[1].jpg -> Backdoor.Haxdoor.dw : Cleaned with backup
Yes but it was cleaned. The HJT log also showed no signs of it.

©2003 - 2009 DaniWeb® LLC