0

Been getting some new pop ups. Did a HJ this log. Please advise. Thanks


C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: office.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOW

4
Contributors
14
Replies
15
Views
11 Years
Discussion Span
Last Post by DMR
0

The top portion of your HJT log, which contains some important summary data, is missing from your post. Can you please run HJT again and post a full and complete log?

0

The top portion of your HJT log, which contains some important summary data, is missing from your post. Can you please run HJT again and post a full and complete log?

Sorry about that. Here is the new one. Pop ups seem to have stopped but I would still like your advice........thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:14:09 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: office.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

0

I have just noticed I got something in add/remove programs called OIN. When I go to unistall it brings me to a web pag type form. I have no idea what this is. No pop ups but the darn thing is spyware as I googled it. HELP............

0

OIN is definitely an unwanted guest, but I don't see any malicious components listed in your HJT log, so we'll have to try another route.

You will need to disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.


1. Open your ewido Security Suite program and use its online update feature to make sure you have the most current spyware database installed. Donot run a system scan yet, just close the program after the update completes.


2. Download and install Microsoft Antispyware beta. Open the program and do the online update as you did with ewido; again- do not run a scan yet.


3. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.


5. While still in Safe Mode, run full system scans with ewido and MS Antispyware. Have them fix/remove all "nasties" that they find.

6. Reboot normally, run HJT again, and post the new log. Also post the scan result log that ewido generated.

0
Ewido scan:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           1:05:04 PM, 10/15/2005
+ Report-Checksum:      2ECF2500


+ Scan result:


HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-117609710-746137067-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe -> Trojan.KillAV.ft : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Somebody\Application Data\Mozilla\Firefox\Profiles\55b5olrs.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\kigru.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\Documents and Settings\Somebody\Local Settings\Temp\uninstall.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Program Files\BitLord\Downloads\Nero 7 Premium with keygen.rar/Nero 7 Premium with keygen\setup.exe -> Trojan.KillAV.ft : Cleaned with backup
C:\Program Files\buer\toes.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\nеtdde.exe -> Spyware.PurityScan : Cleaned with backup


New HJT Log:


C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4603/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Did the 3 scans as requested. Cleaned up what was found.

Edited by happygeek: fixed formatting

0

OK- ewido found and cleaned some "unwanted guests". :)

However, you are still posting incomplete HJT logs. It looks like you are cutting-n-pasting directly from the HJT report window, which doesn't display the full contents of the log file. Please use the following method to post the entire log:

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

0

I don't know how I keep messing the simple part up.....

Hope this is the whole thing HJT new log....

Logfile of HijackThis v1.99.1
Scan saved at 4:48:05 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4603/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

0

I don't know how I keep messing the simple part up.....

Hope this is the whole thing HJT new log....

Logfile of HijackThis v1.99.1
Scan saved at 4:48:05 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Somebody\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124364880320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124364838630
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4603/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Do you have a firewall or passwordor any type of preticion :?:

0

Hope this is the whole thing HJT new log....

Yes, you got it this time. Also- the log is clean. :)

Is OIN still in your Add/Remove Programs control panel?

0

Yes, the OIN is still in the add/remove control panel. But it is good that the log is now clean. Now how can I get rid of that OIN???

To answer the other posters question. I use AVG free for anitvirus. I also run the Microsoft beata AV software. In addition I do regular checks with adaware and spybot and make sure they are updated. where do I keep getting the stuff is my question........or the better question is how do I avoid these problems. Again thanks for all the assistance....:)

0

Hi,
To remove OIN from theAdd/Remove Programs list, you can use RegCleaner. Install and run it. Click the Uninstall Menu tab and then select the OIN entry from the list. Next, click "Remove Selected" button.

Reboot the PC and then check whether the OIN still exist in Add/Remove Programs in Control Panel.

0

Hi,
To remove OIN from theAdd/Remove Programs list, you can use RegCleaner. Install and run it. Click the Uninstall Menu tab and then select the OIN entry from the list. Next, click "Remove Selected" button.

Reboot the PC and then check whether the OIN still exist in Add/Remove Programs in Control Panel.

That seems to have worked. thanks for the assistance. Hopefully that will be the end of it..... :o

0

Hopefully, yes.

Let us know if any "unwanted guests" creep back in to your system...

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.