rosagirl33

HJT Log file

#1
May 25th, 2006
Need to know what to delete, my browsers are soooo slow for a cable modem. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:52:18 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\WgaTray.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,npqkfjx.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

DMR

Re: HJT Log file

#2
May 26th, 2006
Your log shows signs of a couple of infections; let's see what else may be lurking around in your system:

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:

Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/
* When installing ewido, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will now open to the main screen.
  3. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  4. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  5. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run a scan with ewido yet; just close the program once the updates are installed.

* Open your antivirus program and check for/install the most current updates. Again- don't run a scan with it; just close the program once the updates are installed.

* Open the Services utility in your Administrative Tools control panel.
- In the list of services, locate the service named "Network Monitor" or "netmon" and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.

* Close all open programs, especially Internet Explorer.

* Run HijackThis.
- Click on the "Config" button in the lower right corner of HijackThis' main window.
- In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button.
- Type the following in the box and click OK:
Network Monitor
(if the name Network Monitor gives you an error, try netmon instead)
- Once the deletion completes, click the "Back" button to return to HijackThis' main scan window.

* Run a scan with HJT, put a check mark in the box to the left of the following entries, and then click the "Fix checked" button.
Close HJT after the fixes have completed:
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,npqkfjx.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)


* Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Run CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other user's Profile>\Cookies
Hit OK
- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
- Click on Run Cleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

* Run full system scans with your antivirus program, Windows Defender, and ewido; have the programs fix all malicious items they find.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

* Open Windows Explorer again. Locate and delete the following files if they still exist:
F:\WINDOWS\system32\npqkfjx.exe
F:\WINDOWS\system32\dmonwv.dll
F:\WINDOWS\system32\wRvemsp.dll

* Delete the following folder entirely:
F:\Program Files\Network Monitor

* Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

-
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
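
An added example, not part of the original posts or of HijackThis itself: a small Python triage pass over HijackThis entries that flags the traits visible in the lines the reply above selects for fixing (a second program chained to UserInit, targets marked "(file missing)", services with "Unknown owner"). The function names and reason strings are assumptions; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re

# Sample input: a few entries copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,npqkfjx.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NetCache - F:\WINDOWS\system32\wRvemsp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (code, body) pairs for the registry/startup entries in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(body):
    """List programs chained to UserInit other than userinit.exe itself."""
    if "userinit=" not in body.lower():
        return []
    value = body.split("=", 1)[1]
    parts = [p.strip().strip('"') for p in value.split(",")]
    # ntpath parses Windows paths correctly on any host OS.
    return [p for p in parts if p and ntpath.basename(p).lower() != "userinit.exe"]


def triage(log_text):
    """Return [(code, body, [reasons])] for entries that deserve a closer look."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = []
        if code == "F2":
            for extra in userinit_extras(body):
                reasons.append("UserInit also launches " + extra)
        if body.endswith(MISSING):
            reasons.append("target file missing on disk")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no company name")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(reasons), "|", body)
```

A flag marks an entry for review, not for deletion: the reply above fixes only some of the lines marked "(file missing)".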

rosagirl33

Re: HJT Log file

#3
May 26th, 2006
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:51:48 PM, 5/26/2006
+ Report-Checksum: C73919FF

+ Scan result:

HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-117609710-299502267-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\drsmartload1.0xe -> Downloader.Adload.ba : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\RSInstaller.dll -> Adware.RedSwoosh : Cleaned with backup
C:\WINDOWS\keyboard16.0xe -> Downloader.VB.zg : Cleaned with backup
C:\WINDOWS\mousepad16.0xe -> Trojan.VB.ali : Cleaned with backup
C:\WINDOWS\newname16.0xe -> Downloader.VB.vr : Cleaned with backup
F:\Program Files\Common Files\wkfz\wkfzd\wkfzc.dll -> Adware.TargetServer : Cleaned with backup
F:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
F:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
F:\WINDOWS\system32\repairs303169578.dll -> Adware.Surfside : Cleaned with backup
F:\WINDOWS\VXNlcg\asappsrv.dll -> Adware.CommAd : Cleaned with backup


::Report End



Hijack This Log


Logfile of HijackThis v1.99.1
Scan saved at 4:54:33 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
F:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
F:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
F:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Administrator\Desktop\hijackthis(2)\HijackThis.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "F:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [XPRepairPro2006] F:\Program Files\XPRepairPro2006\XPRepairPro.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = F:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: F-Secure 2006.lnk = F:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - F:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...YYUS_undefined
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

DMR

Re: HJT Log file

#4
May 27th, 2006
Your latest HJT log is clean, and it looks like ewido detected and removed a handful of other hidden "nasties". Are you seeing an improvement in browser performance, or do things still seem as sluggish as they were before removing the malware?

rosagirl33

Re: HJT Log file

#5
May 28th, 2006
It does seem a little fast with just text, but certain pages are still slow that used to show up instantly on my computer... half the time they don't even load.

DMR

Re: HJT Log file

#6
May 28th, 2006
In your first post you said "browsers" (plural); which other browser(s) aside from IE are you using?

rosagirl33

Re: HJT Log file

#7
May 29th, 2006
I also use Firefox

DMR

Re: HJT Log file

#8
Jun 2nd, 2006
Sorry for the delayed response; I've been pretty busy for the last few days.

Try running the free "Cleanup!" utility. A description of the program, and links to the download and FAQs, can be found here.