PC acting very weird

Question

Danielle 1 Junior Poster in Training

18 Years Ago

Hi there and thanks for your great service.
My computer has been a bit slower than usual and sluggish on line, plus the PC clock has jumped forward an hour about 3 times in the past couple of weeks.
This all seems to coincide with an online MSN toolbar update that I was prompted for (which I have considered removing from my PC)
I ran stinger, CWS shredder, Trojan Hunter, Spy Doctor(it's bit of an old version though) and I have Avast antivirus which found : Win32:Kuang2 : 3 entries and 1 entry for: Win32:NGVCK-E and I moved to the chest for the time being.

Today I was online and the PC just went kind of crazy, lots of programs startd up and the screen flashed from one thing to another I had no control of the cursor and other functions and turned off and rebooted from my hard drive.
Also when I turn on my PC the past few times a dialogue box appears on start up saying something like services for Win32 (or something like that) has encountered a problem and needed to close with the time and the time is when my Pc has been off ??

Please see my Hijack this file and advise me of the best possible action....
With Massive thanks x Danielle ;)

windows-virus

4 Contributors
12 Replies
154 Views
5 Days Discussion Span
Latest Post 18 Years Ago Latest Post by DMR

All 12 Replies

tayspen 28 <Insert title here>

18 Years Ago

Hi, I hate to say this, but your HJT version is out of date. Please download and scan with the newest version (1.99.1).

Download hijackThis (1.99.1) . Extract it to its own folder. Then run it and select. Do system scan and save log. Post the contents of the log that pops up.

tayspen 28 <Insert title here>

18 Years Ago

Hi, you have a few infections, but lets see if we can get the scanners to knock them out before we begin to do things maunually.

Please download the following.

Ewido (Trial) – http://www.download.com/Ewido-Secur...tml?tag=lst-0-1

SpySweeper: http://www.webroot.com/consumer/products/spysweeper?acode=af1&rc=3599

Install both. Update Definitions. Run Both.

When done scanning, post a new HJT log, along with the ewido log, and the spysweeper log

'Stein 150 Lapsed Skeptic

18 Years Ago

Good good,, that's a good sign that all Ewido/SpySweeper caught were tracking cookies..
Now to the log. Check the following boxes in HJT:

O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After this, post back with a new log.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Danielle 1 Junior Poster in Training · Answer 1 · 2006-03-30T16:05:30+00:00

Ooops I forgot to post the Hijack this log........here you go:
Logfile of HijackThis v1.99.0
Scan saved at 1:29:18 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Ares\Ares.exe
F:\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?41b776f050c1426783ef222cefe285a7
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?41b776f050c1426783ef222cefe285a7
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0291079A-F8D2-40DA-A088-98083584AFF5} (PC080Web Control) - http://www.pc080.net/pc080sp/PC080Web.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service - Unknown - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe

Danielle 1 Junior Poster in Training · Answer 2 · 2006-03-31T14:08:23+00:00

Hi there.here you go .............. thanks again

Logfile of HijackThis v1.99.1
Scan saved at 12:32:02 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?41b776f050c1426783ef222cefe285a7
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?41b776f050c1426783ef222cefe285a7
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0291079A-F8D2-40DA-A088-98083584AFF5} (PC080Web Control) - http://www.pc080.net/pc080sp/PC080Web.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Danielle 1 Junior Poster in Training · Answer 3 · 2006-04-01T15:48:30+00:00

Hi there.
Here's the Ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           6:50:30 PM, 3/31/2006
+ Report-Checksum:      BFC1A459


+ Scan result:


D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Local Settings\Temp\Cookies\alan.kala@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@e-2dj6wjk4wnczgco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@e-2dj6wjkyemazmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@com[1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@e-2dj6wjkoupdpeap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ads.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@e-2dj6wjliqpcjsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@rotator.adjuggler[3].txt -> TrackingCookie.Adjuggler : Cleaned with backup
D:\Documents and Settings\Alan.Kala\Cookies\alan.kala@as1.falkag[3].txt -> TrackingCookie.Falkag : Cleaned with backup



::Report End


and as for the Spysweeper i downloaded the trial version and ran a sweep but the trial version doesn't allow to do much more than that ie. save the log, remove the objects etc and I'm not in a position to suscribe to the paid version:
Any way I couldn't save the loig but the scan said it found 10 low risk objects all of them cookies:
about cookie
ask cookie
ads.adsag cookie
belnk cookie
nextag cookie
qsrch cookie
reunion cookiescreensavers.com cookie
touchclarity cookie
tripod cookie


I hope that that's useful.
And here's the new Hijack this log :
Logfile of HijackThis v1.99.1
Scan saved at 1:21:36 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\ZIPPED\security suite\ewidoctrl.exe
E:\ZIPPED\security suite\ewidoguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\unzipped\hijackthis\HijackThis.exe


F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?41b776f050c1426783ef222cefe285a7
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?41b776f050c1426783ef222cefe285a7
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0291079A-F8D2-40DA-A088-98083584AFF5} (PC080Web Control) - http://www.pc080.net/pc080sp/PC080Web.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\ZIPPED\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\ZIPPED\security suite\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

:lol: thanks again

Danielle 1 Junior Poster in Training · Answer 4 · 2006-04-02T17:05:54+00:00

Here you go :
Logfile of HijackThis v1.99.1
Scan saved at 2:34:04 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\ZIPPED\security suite\ewidoctrl.exe
E:\ZIPPED\security suite\ewidoguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://D:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?41b776f050c1426783ef222cefe285a7
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?41b776f050c1426783ef222cefe285a7
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0291079A-F8D2-40DA-A088-98083584AFF5} (PC080Web Control) - http://www.pc080.net/pc080sp/PC080Web.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\ZIPPED\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\ZIPPED\security suite\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Hope it's looking good now :) Thanks again.

DMR 152 Wombat At Large Team Colleague · Answer 5 · 2006-04-04T02:44:57+00:00

Your latest log is clean. Is the computer still exhibiting problems? If so, please try to give us as many specifics regading the problems as possible.

tayspen 28 <Insert title here> Team Colleague · Answer 6 · 2006-04-04T02:46:08+00:00

Thanks for picking that one up DMR, I must have missed it ;).

DMR 152 Wombat At Large Team Colleague · Answer 7 · 2006-04-04T02:55:54+00:00

DMR 152 Wombat At Large

18 Years Ago

You're welcome. :)

Danielle 1 Junior Poster in Training · Answer 8 · 2006-04-04T14:26:29+00:00

Hi there,
Everything seems to be fine now.I think....... :rolleyes:
Thanks so much for your time and great service....you rock !!!!!!!!!!

DMR 152 Wombat At Large Team Colleague · Answer 9 · 2006-04-05T05:28:25+00:00

Thanks; we're glad we could help you get it sorted out. :)

PC acting very weird

Recommended Answers Collapse Answers

All 12 Replies

Recommended Answers