0

Logfile of HijackThis v1.99.1
Scan saved at 6:29:45 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netscape Internet Service\dialer_org.exe
C:\Program Files\Netscape Internet Service\css.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinAce\WinAce.exe
C:\Documents and Settings\Gary Hagerman\Desktop\hi2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F736EFCA-786C-7C51-6EE0-0CFF9B1F763E} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Startup Guru] "C:\Documents and Settings\Gary Hagerman\Desktop\Spyware &Virus Control\startupguru.exe" /B
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 15 17
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138348766281
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Ok, I think that I got it.

0

You did, but couldn't you have just added on to the other threads you made? Now you have 3 threads with the same title ;).

Anyways, scan with HJT again, and check the following.


O2 - BHO: (no name) - {F736EFCA-786C-7C51-6EE0-0CFF9B1F763E} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

And if you recognize the IPs of these, leave 'em. If you don't, check them.


O17 - HKLM\System\CCS\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145

Then download ewido - http://www.ewido.net/en/ - Install it. Update it. Scan. Let it remove what it finds.

Post a new log, and the ewido log.

0
Logfile of HijackThis v1.99.1
Scan saved at 6:29:45 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netscape Internet Service\dialer_org.exe
C:\Program Files\Netscape Internet Service\css.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinAce\WinAce.exe
C:\Documents and Settings\Gary Hagerman\Desktop\hi2\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F736EFCA-786C-7C51-6EE0-0CFF9B1F763E} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Startup Guru] "C:\Documents and Settings\Gary Hagerman\Desktop\Spyware &Virus Control\startupguru.exe" /B
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe   15 17
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138348766281
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1014D7BD-5CCA-455F-8185-1B39C432A932}: NameServer = 205.188.146.145
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
+ Created on:           10:39:24 AM, 3/18/2006
+ Report-Checksum:      24CD8982


+ Scan result:


:mozilla.6:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Gary Hagerman\Application Data\Mozilla\Firefox\Profiles\1iy5hv44.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Gary Hagerman\Cookies\gary hagerman@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Gary Hagerman\Cookies\gary hagerman@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Gary Hagerman\Cookies\gary hagerman@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Gary Hagerman\Cookies\gary hagerman@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Gary Hagerman\Cookies\gary hagerman@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup


::Report End

Here are the new scans. I tried to rid the system of the last registry entry, ZoneLabs, because I got rid of that firewall, but it will not leave.

Edited by happygeek: fixed formatting

0

Ok, scan again with HJT, and put a check next to the following.


O2 - BHO: (no name) - {F736EFCA-786C-7C51-6EE0-0CFF9B1F763E} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)

Did you decide that the O17 entries were related to your ISP? If so and you did not remove them, that's fine. If you did remove them, they're back, and we need to take action against them.

0

Do you use Netscape? If so - may not hurt to verify that file is indeed missing
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)

If not, I would leave it be. :)

Also - you will need to update your Java, and uninstall the old version thru Add/Remove Programs...

0

Logfile of HijackThis v1.99.1
Scan saved at 11:35:54 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gary Hagerman\Desktop\hi2\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138348766281
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (file missing)

I keep on being timed out, but Firefox is back.

0

Fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

After fixing that, do ya have any more problems?

Thanks.
