TheTechGuide Forum

General Category => Tech Clinic => Topic started by: The Napster on August 06, 2006, 06:52:07 PM

Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 06:52:07 PM
Newbie here so I know I probably didn't post this correctly, sorry if I did!

My computer is doing some real funky things and I have AVG SoHo 7.1 running with the email scanner going non-stop!

Here is the hijack log if someone can help, much appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:35:36 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 07:31:25 PM
Can you do the following please

You may be controlling entries on startup with msconfig
I need to see the whole log without interference

Can you go to START>>RUN>>type in
msconfig

Under the Startup tab>>Enable All>>Apply it
Under the General tab ensure Normal startup is selected
Apply it and Close
Reboot the computer

Back in Windows post back with a fresh hijackthis log please
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 07:55:50 PM
Here is the new hijack log:

Another note I'd like to make is I get this annoying message when I start my computer up about not having a legit copy of Microsoft XP and it not being genuine, with an icon on the task bar that looks like a star or snowflake about being a victim of counterfeiting etc... How in the world do I get rid of this? I accidentally ran updates and that message appeared.

Anyway here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:45:39 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuTwF3zhWDlgiJnn/ML_dKHiae5fT72vw2TPlUhfYhD/f7mQxnTMg_8MCGuY.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.76.97.230:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



THANKS!
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 08:15:16 PM
Can you do the following for me please
Download and unzip to a folder of its own on desktop
http://metallica.geekstogo.com/findlop.zip

Inside the folder find findlop.bat

Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the contents into your next post.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 08:33:59 PM
Here you go:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'C309ADC1852F6341.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\docume~1\al\applic~1\webrdr~1\Platform lies acid.exe'
  Parameters:         ''
  WorkingDirectory:   ''
  Comment:            ''
  Creator:            'Al'
  Priority:           NORMAL
  MaxRunTime:         259200000 (3d  0:00:00)
  IdleWait:           10
  IdleDeadline:       60
  MostRecentRun:      07/11/2006 13:00:00
  NextRun:            08/06/2006 22:00:00
  StartError:         0x80070002
  ExitCode:           0
  Status:             SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                 = 0
    StartOnlyIfIdle         = 0
    KillOnIdleEnd           = 0
    RestartOnIdleResume     = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn       = 1
    SystemRequired          = 0
    Hidden                  = 1
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:       06/04/1999
    EndDate:         00/00/0000
    StartTime:       00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job 'McAfee.com Update Check (VAIO-Al).job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe'
  Parameters:         '/Schedule'
  WorkingDirectory:   'C:\PROGRA~1\McAfee.com\Agent'
  Comment:            'McAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.'
  Creator:            'Al'
  Priority:           NORMAL
  MaxRunTime:         259200000 (3d  0:00:00)
  IdleWait:           10
  IdleDeadline:       60
  MostRecentRun:      00/00/0000  0:00:00
  NextRun:            08/06/2006 22:32:00
  StartError:         SCHED_S_TASK_HAS_NOT_RUN
  ExitCode:           0
  Status:             SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                 = 0
    StartOnlyIfIdle         = 0
    KillOnIdleEnd           = 0
    RestartOnIdleResume     = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn       = 1
    SystemRequired          = 1
    Hidden                  = 0
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:       08/06/2006
    EndDate:         00/00/0000
    StartTime:       22:32
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 08:41:44 PM
Looks like with the installation of MSN Plus 3 you also installed the SPONSOR which in turn installed adware
Called LOP
One more log please then we will do some fixes on this computer

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy all the contents of the QUOTE below, not including the word "quote"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as direxie.bat

Save this file in the same folder you have findlop.bat
Double click on direxie.bat
A text file will open, Copy>>Paste back here the Whole contents please

Quote
@echo off
jt /sd C309ADC1852F6341.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt
cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 08:46:55 PM
Here you go:




 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Documents and Settings\Al\Application Data

02/20/2005  04:28 PM    <DIR>          BITTOR~1     .BitTornado
03/22/2005  03:42 PM    <DIR>                       Adobe
08/03/2005  10:43 PM    <DIR>                       AdobeUM
03/22/2005  01:49 PM    <DIR>                       Adorons
02/08/2006  06:08 PM    <DIR>                       Ahead
04/09/2005  03:23 PM    <DIR>                       Aim
02/03/2006  12:28 AM    <DIR>          APPLEC~1     Apple Computer
08/06/2006  08:41 PM    <DIR>                       AVG7
07/27/2006  02:37 PM    <DIR>          BITTOR~2     BitTorrent
07/12/2005  04:31 PM    <DIR>          DEEPNE~1     Deepnet Explorer
06/16/2006  09:43 AM    <DIR>                       Eqreadme
11/20/2005  03:06 PM    <DIR>          GLOBAL~1     GlobalSCAPE
01/22/2006  06:12 PM    <DIR>                       Google
12/06/2005  12:51 PM    <DIR>                       Help
03/14/2005  01:56 PM    <DIR>          IDENTI~1     Identities
02/23/2005  02:01 PM    <DIR>          KAZAAL~1     Kazaa Lite
02/17/2005  09:28 PM    <DIR>                       Lavasoft
02/18/2005  01:47 AM    <DIR>          MACROM~1     Macromedia
08/04/2006  09:39 PM    <DIR>          MAILWA~1     MailWasherPro
02/17/2005  09:34 PM    <DIR>                       McAfee
03/30/2005  03:02 PM    <DIR>          MEDIAP~1     Media Player Classic
03/04/2005  03:07 PM    <DIR>                       Mozilla
07/07/2005  12:11 PM    <DIR>                       Netscape
10/25/2005  12:25 AM    <DIR>                       Opera
05/14/2006  11:15 PM    <DIR>          PCTOOL~1     PC Tools
08/31/2005  07:38 PM    <DIR>                       Real
10/17/2005  03:35 PM    <DIR>                       Shareaza
02/17/2005  09:44 PM    <DIR>                       Sun
05/06/2005  11:17 PM    <DIR>                       Talkback
04/11/2005  01:09 AM    <DIR>                       Tenebril
10/14/2006  02:42 PM    <DIR>                       Tor
04/30/2005  11:52 AM    <DIR>          ULEADS~1     Ulead Systems
05/03/2006  03:09 PM    <DIR>                       vlc
03/21/2005  06:03 PM    <DIR>          WEATHE~1     WeatherBug
07/12/2006  11:06 AM    <DIR>          WEBRDR~1     web rdr new
03/04/2006  11:51 PM    <DIR>                       Yahoo!
07/16/2005  01:33 PM    <DIR>          YAHOO!~1     Yahoo! Messenger
               0 File(s)              0 bytes
              37 Dir(s)  17,137,446,912 bytes free
 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Documents and Settings\All Users\Application Data

02/17/2005  09:30 PM    <DIR>                       Adobe
02/03/2006  12:26 AM    <DIR>          APPLEC~1     Apple Computer
08/06/2006  12:38 AM    <DIR>                       avg7
02/17/2005  09:48 PM    <DIR>          CYBERL~1     CyberLink
08/06/2006  09:18 PM    <DIR>          DVDSHR~1     DVD Shrink
05/09/2006  01:45 AM    <DIR>                       Grisoft
06/27/2006  10:30 PM    <DIR>                       Kodak
08/05/2006  10:05 AM    <DIR>                       McAfee
08/05/2006  11:03 PM    <DIR>                       McAfee.com
10/10/2005  02:46 AM    <DIR>          MESSEN~1     Messenger Plus!
07/22/2006  10:26 AM             1,751 QTSBAN~1     QTSBandwidthCache
05/23/2005  03:13 PM    <DIR>          QUICKT~1     QuickTime
08/31/2005  07:38 PM    <DIR>                       Real
04/13/2006  10:33 AM    <DIR>          SAFEDU~1     safedupelogodent
06/16/2006  09:44 AM    <DIR>          SPYBOT~1     Spybot - Search & Destroy
04/30/2005  11:51 AM    <DIR>          ULEADS~1     Ulead Systems
08/06/2006  12:30 AM    <DIR>          WINDOW~1     Windows Genuine Advantage
11/08/2005  08:56 PM    <DIR>          YAHOO!~1     Yahoo! Companion
               1 File(s)          1,751 bytes
              17 Dir(s)  17,137,446,912 bytes free
 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Program Files

08/06/2006  07:09 PM    <DIR>                       .
08/06/2006  07:09 PM    <DIR>                       ..
02/19/2005  12:33 AM    <DIR>          ABFSOF~1     ABF software
12/06/2005  01:11 PM    <DIR>          ABSOLU~1     Absolute GIF Optimizer
03/08/2005  10:33 PM    <DIR>          ADDRES~1     Address Book Recovery
03/21/2005  05:45 PM    <DIR>                       Adobe
03/22/2005  01:46 PM    <DIR>                       Adorons
07/11/2006  03:06 PM    <DIR>                       Adverts
04/09/2005  03:25 PM    <DIR>                       Agent
02/17/2005  09:38 PM    <DIR>                       Ahead
04/09/2005  03:21 PM    <DIR>          AIMTOO~1     AIM Toolbar
04/09/2006  05:07 PM    <DIR>          ALCOHO~1     Alcohol Soft
02/19/2005  12:38 AM    <DIR>          AMICGA~1     Amic Games
03/09/2005  01:47 PM    <DIR>                       AOD
02/17/2005  09:47 PM    <DIR>          APPLIC~1     Application X
06/16/2006  02:04 AM    <DIR>          ATMEGA~1     Atmega Load At Home
10/14/2006  01:40 PM    <DIR>          AUDIOC~1     Audio Converter
10/17/2005  02:46 PM    <DIR>          AUDIO-~1     audio-mp3-converter
03/09/2005  01:47 PM    <DIR>                       AWS
07/26/2006  03:47 PM    <DIR>          BEARSH~1     BearShare
07/21/2006  10:45 PM    <DIR>          BITTOR~1     BitTorrent
03/06/2006  09:37 PM    <DIR>                       C-Media
12/25/2005  02:36 AM    <DIR>                       Canon
07/30/2006  10:53 PM    <DIR>          CARDRE~1     CardRecovery
04/24/2006  11:38 AM    <DIR>                       CCleaner
06/27/2006  10:33 PM    <DIR>          COMMON~1     Common Files
02/17/2005  09:05 PM    <DIR>          COMPLU~1     ComPlus Applications
02/17/2005  09:48 PM    <DIR>          CYBERL~1     CyberLink
11/21/2005  09:37 PM    <DIR>                       D-Tools
08/06/2005  09:26 PM    <DIR>          DEEPNE~1     Deepnet Explorer
11/13/2005  02:23 PM    <DIR>          DISNEY~1     Disney Interactive
07/26/2006  11:44 AM    <DIR>                       DivX
04/09/2006  01:08 AM    <DIR>          DVDDEC~1     DVD Decrypter
04/25/2006  12:21 AM    <DIR>          DVDSHR~1     DVD Shrink
04/07/2006  12:22 PM    <DIR>          DVDFAB~1     DVDFab Decrypter
04/07/2006  08:33 PM    <DIR>          ELABOR~1     Elaborate Bytes
10/14/2006  01:40 PM    <DIR>                       Encoder
07/26/2006  11:20 AM    <DIR>          EWIDOA~1.0   ewido anti-spyware 4.0
11/20/2005  03:05 PM    <DIR>          GLOBAL~1     GlobalSCAPE
05/03/2006  03:14 PM    <DIR>                       Google
05/09/2006  01:45 AM    <DIR>                       Grisoft
03/25/2006  01:42 AM    <DIR>          HIDEIP~1     Hide IP Platinum
04/10/2006  07:11 PM    <DIR>          INCOMP~1     Incomplete
03/02/2005  09:38 PM               298              INSTALL.LOG
04/10/2006  10:29 PM    <DIR>          INTERA~1     InterActual
06/17/2006  12:06 PM    <DIR>          INTERN~1     Internet Explorer
06/28/2006  09:39 PM    <DIR>                       iPod
12/06/2005  01:13 PM    <DIR>          IRFANV~1     IrfanView
06/28/2006  09:40 PM    <DIR>                       iTunes
08/11/2005  06:34 PM    <DIR>                       Java
05/03/2006  01:53 PM    <DIR>          K-LITE~1     K-Lite Codec Pack
06/24/2006  03:25 PM    <DIR>          KAZAAL~1     Kazaa Lite Resurrection
06/27/2006  10:32 PM    <DIR>                       Kodak
02/17/2005  09:28 PM    <DIR>                       Lavasoft
05/03/2006  10:10 PM    <DIR>                       LimeWire
08/04/2006  09:10 PM    <DIR>          MAILWA~1     MailWasher
08/05/2006  11:03 PM    <DIR>                       McAfee.com
10/14/2006  01:41 PM    <DIR>          MEDIAB~1     Media Box
08/31/2005  07:38 PM    <DIR>          MEDIAP~1     Media Player Classic
05/24/2005  12:05 PM    <DIR>                       Mercury
02/17/2005  10:05 PM    <DIR>          MESSEN~1     Messenger
03/22/2006  02:36 AM    <DIR>          MESSEN~2     MessengerDiscovery
04/28/2006  11:24 AM    <DIR>          MESSEN~3     MessengerPlus! 3
02/17/2005  09:24 PM    <DIR>          MICROS~3     Microsoft ActiveSync
02/17/2005  09:11 PM    <DIR>          MICROS~1     microsoft frontpage
12/20/2005  07:49 PM    <DIR>          MICROS~4     Microsoft IntelliPoint
03/30/2005  07:22 PM    <DIR>          MICROS~2     Microsoft Office
02/17/2005  09:07 PM    <DIR>          MOVIEM~1     Movie Maker
08/06/2006  08:49 PM    <DIR>          MOZILL~1     Mozilla Firefox
02/17/2005  09:04 PM    <DIR>                       MSN
02/17/2005  09:05 PM    <DIR>          MSNGAM~1     MSN Gaming Zone
04/24/2006  11:14 AM    <DIR>          MSNMES~1     MSN Messenger
02/17/2005  09:55 PM    <DIR>          MUSICM~1     Musicmatch
03/02/2005  09:20 PM    <DIR>          NETASS~1     NetAssistant
02/17/2005  09:07 PM    <DIR>          NETMEE~1     NetMeeting
05/25/2006  09:17 PM    <DIR>                       Netscape
03/08/2005  10:43 PM    <DIR>          OE-MAI~1     OE-Mail Recovery
02/17/2005  09:08 PM    <DIR>          ONLINE~1     Online Services
05/12/2006  11:41 AM    <DIR>                       Opera
04/17/2006  09:51 AM    <DIR>          OUTLOO~1     Outlook Express
04/20/2006  01:24 PM    <DIR>          PALSPY~1     PAL SPYREM
04/29/2006  05:59 PM    <DIR>          PCFRIE~1     PCFriendly
03/06/2006  09:37 PM    <DIR>          PCIAUD~1     PCI Audio Applications
12/13/2005  12:15 AM    <DIR>                       Picasa2
06/28/2006  09:50 PM    <DIR>          QUICKT~1     QuickTime
03/04/2005  01:12 PM    <DIR>                       Real
08/31/2005  08:21 PM    <DIR>          REALAL~1     Real Alternative
05/20/2006  10:24 AM    <DIR>          REGIST~1     Registry Mechanic
07/26/2006  05:52 PM    <DIR>          REGIST~2     RegistryFix
04/07/2006  08:34 PM    <DIR>                       SlySoft
08/05/2006  10:11 AM    <DIR>          SPAMBU~1     SpamButcher
04/14/2005  02:01 PM    <DIR>          SPYBOT~1     Spybot - Search & Destroy
05/15/2006  05:23 PM    <DIR>          SPYWAR~1     Spyware Doctor
04/30/2005  02:31 PM    <DIR>          SUPERD~1.5   Super DVD Creator 8.5
05/26/2005  12:53 PM    <DIR>                       thriXXX
11/20/2005  03:07 PM    <DIR>                       TimeSink
05/09/2006  10:40 PM    <DIR>                       TopMail
10/17/2005  02:48 PM    <DIR>                       UCmore
04/30/2005  11:51 AM    <DIR>          ULEADS~1     Ulead Systems
05/03/2006  03:07 PM    <DIR>                       VideoLAN
01/11/2006  04:38 AM    <DIR>          WEBRDR~1     web rdr new
05/03/2006  03:00 PM    <DIR>          WINDOW~2     Windows Media Player
02/17/2005  09:05 PM    <DIR>          WINDOW~1     Windows NT
10/17/2005  02:48 PM    <DIR>                       WinMX
03/27/2006  11:18 AM    <DIR>          WINQFX~1     winqfx16bit
05/11/2006  04:07 AM    <DIR>                       WinRAR
10/01/2005  01:59 AM    <DIR>                       Xehii
02/17/2005  09:11 PM    <DIR>                       xerox
06/14/2005  12:23 PM    <DIR>                       Yahoo!
07/21/2005  02:52 PM    <DIR>          ZONELA~1     Zone Labs
               1 File(s)            298 bytes
             109 Dir(s)  17,137,434,624 bytes free
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 08:56:46 PM
Hi Napster, just sit back for a bit
We've identified the bad guys and some other problems in your log
We should have no problem fixing this

Unfortunately dinner is ready so I have to leave for about half an hour <_<
I'll post back within the hour

Please don't download any more removal tools until I advise it please
I won't be long
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 08:59:04 PM
No problem, take your time, no rush.

I really appreciate the help and look forward to your response when you're ready.

Cheers. :)
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 10:15:10 PM
Can you do the following please

== Download Hoster.zip (http://www.funkytoad.com/download/hoster.zip) and unzip it to a folder of its own
We will need it later

Download and install Windows CleanUp! 4.5.2 (http://www.stevengould.org/downloads/cleanup/CleanUp452.exe)
We will need it later

CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places,  they will be deleted when CleanUp! is run.
Please move them to a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.

==Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close Ewido. Do not run it yet.

Save the rest of these instructions to a text file saved to desktop or somewhere you will remember
We will need them for use in safe mode>>Without Internet connection

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
NOTE: The first time you run CleanUp! it may prompt to run in Demonstration mode
Deny this, we want to run the actual cleanup!!

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and send the next folders to the recycle bin
C:\Documents and Settings\Al\Application Data\Eqreadme <-folder
C:\Documents and Settings\Al\Application Data\web rdr new <-folder
C:\Program Files\web rdr new <-folder

==Open Hoster
Then select the "Restore Original Hosts" button and ok the prompt

Ewido Scan

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuT...TMg_8MCGuY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Back in Windows

Post back the following please
1. Run Hijackthis again and post back a fresh log
2. Post the whole report from Ewido's

Could you also let me know what files you find in this folder please
C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder, do you know what it's related to?
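
Added example (not part of the post above and not HijackThis's own logic): a Python triage pass showing the properties that make the R3/O2/O4 entries listed in that post stand out, namely orphaned references, code loading from user-writable profile folders, and a system process name outside its normal directory. The reason labels, the directory lists and the last two sample lines are assumptions made for the illustration; URL-valued R0/R1 entries need a reputation judgement and are not assessed here.

```python
import ntpath
import re

# One HijackThis entry: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# First drive-letter path ending in an executable extension. The lookahead
# stops "C:\Program Files\McAfee.com\..." from matching at ".com".
PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat)(?=$|[\s,\"])", re.IGNORECASE
)

# Per-user locations any unprivileged process can write to (long and 8.3 forms).
USER_WRITABLE = (
    "\\temp\\",
    "\\locals~1\\",
    "\\local settings\\",
    "\\applic~1\\",
    "\\application data\\",
)

# Windows XP core process names and the directory each normally runs from.
SYSTEM_BINARIES = {
    "svchost.exe": "\\windows\\system32",
    "lsass.exe": "\\windows\\system32",
    "services.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32",
    "csrss.exe": "\\windows\\system32",
    "smss.exe": "\\windows\\system32",
    "explorer.exe": "\\windows",
}

# The first five lines are the entries quoted in the post; the last two are
# constructed benign entries added so the pass has something to leave alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - HKLM\..\Run: [ExampleShell] C:\WINDOWS\Explorer.EXE
"""


def triage(log_text):
    """Return [(section, body, [reason, ...])] for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, blank lines
        section, body = match.group("section"), match.group("body")
        reasons = []

        # HijackThis itself marks entries whose target no longer exists.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned")

        path_match = PATH_RE.search(body)
        if path_match:
            path = path_match.group(0).lower()
            if any(marker in path for marker in USER_WRITABLE):
                reasons.append("user-writable-path")
            expected_dir = SYSTEM_BINARIES.get(ntpath.basename(path))
            if expected_dir and not ntpath.dirname(path).endswith(expected_dir):
                reasons.append("system-name-wrong-dir")

        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section:<3} {', '.join(reasons):<45} {body}")
```

A flagged line is a prompt to look closer, not a verdict: legitimate software also starts from Application Data, and an entry that passes all three checks can still be unwanted.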
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 10:40:46 PM
Hi there!

I've read the instructions but I'm lost and have a dumb question when you say "Load Ewido"? What is this exactly? Is there a link?

I just have to step out for about 10 minutes but once I go through all the instructions I will post here ASAP!

Thanks!
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 06, 2006, 10:48:09 PM
It appears you installed Ewido, didn't you
Go to START>>All programs
Look for Ewido Networks and open Ewido Anti-Spyware and follow the instructions to make sure it is updated
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 06, 2006, 11:37:42 PM
Thanks.

I'm going through the steps now I'll be back with the next report in a few minutes.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 07, 2006, 02:07:51 AM
Wow! That took a while.........

Here is everything I came up with that you requested be done:

The Ewido report:

ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   2:41:42 AM 8/7/2006

 + Scan result:   



:mozilla.197:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.247realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.415:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.625:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.470:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.268:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.269:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Al\Cookies\al@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned.
:mozilla.114:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned.
:mozilla.338:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.339:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.340:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.341:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.342:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.343:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Atdmt : Cleaned.
:mozilla.322:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Bfast : Cleaned.
:mozilla.393:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.178:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.179:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.181:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.387:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.388:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.389:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.390:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.391:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.392:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.580:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickbank : Cleaned.
:mozilla.378:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickzs : Cleaned.
:mozilla.379:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickzs : Cleaned.
:mozilla.211:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Com : Cleaned.
:mozilla.498:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.234:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.530:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.532:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.579:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.599:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.252:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.504:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.511:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.565:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.566:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.89:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.91:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.95:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.96:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.97:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.188:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hotlog : Cleaned.
:mozilla.248:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.249:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.250:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.285:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.286:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.287:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.428:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.429:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.430:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.37:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.38:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.523:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.100:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Overture : Cleaned.
:mozilla.101:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Overture : Cleaned.
:mozilla.613:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Paycounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.317:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned.
:mozilla.318:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned.
:mozilla.102:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.103:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.104:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.593:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.594:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.595:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.596:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.265:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned.
:mozilla.397:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.398:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.399:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.400:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.401:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.402:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.403:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.404:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.407:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.410:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.411:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.239:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.240:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.177:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Trafic : Cleaned.
:mozilla.132:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.133:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.134:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.323:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.324:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.325:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.206:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.556:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.182:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.183:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.184:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
:mozilla.136:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
:mozilla.137:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Al\Cookies\al@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end


The New Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 2:59:43 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


And the "C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder, do you know what it's related to?"

Is a system file called "mess thunk less" I'm not sure what this is!!!!

That's about it, I'll wait for further instructions and thanks again!

( I still get that message about not having a genuine operating system etc....)
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 07, 2006, 09:14:18 AM
Go ahead and delete this folder
C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder

Can we update your version of Java please
Open the Windows Control panel and double click to open the Java Icon
Under the General tab>>Delete Files
Leave all selections checked and click OK
Exit

Access add/remove programs and remove all older versions and updates of Java
This includes
J2SE Runtime Environment 5.0 Update 4
You will know which ones they are, they will have a coffee cup icon in front of them

Can you run CleanUp! one more time please
Ensure you are not running it in demo mode
Ewido cleaned a bunch of cookies that should have been removed by CleanUp! the first time

Reboot the computer afterwards

Back in Windows, let's update your version of Java
Go to the following link
http://www.java.com/en/download/manual.jsp
Download the Windows (Offline) installer to desktop
Double click to install and follow the prompts
Once installed, you can delete the installer from desktop

I see a couple services that are legit but look orphaned
Did you uninstall McAfee Antivirus at one time?
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Do Spamkiller and SpamButcher both work properly?

Quote
I still get that message about not having a genuine operating system etc....
Is this a legit version of XP?
That is when you will usually see that prompt at login or logout, if it is an illegal version
We will deal with this last when I'm sure you are all clean
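The "legit but look orphaned" check from the post above, as an added example that is not part of the original thread: a small Python triage script that parses HijackThis 1.99.1 entry lines, queues the ones marked `(file missing)` or `(no file)` plus O23 services shown with `Unknown owner`, and diffs two scans. The function names are hypothetical, `SAMPLE_LOG` is excerpted from the 8/7/2006 log in this thread, and `AFTER_LOG` is a constructed follow-up scan.

```python
import re
from typing import NamedTuple

# Excerpt of the 8/7/2006 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# Constructed follow-up scan: the two McAfee leftovers are gone, one new entry appears.
AFTER_LOG = "\n".join(
    line for line in SAMPLE_LOG.splitlines()
    if "mcupdmgr" not in line and "MCVSRte" not in line
) + "\nO20 - AppInit_DLLs: MsgPlusLoader.dll\n"

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
# Process paths and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)$")


class Entry(NamedTuple):
    code: str            # section code such as O2, O4, O23
    body: str            # everything after "<code> - "
    orphaned: bool       # entry points at a file that is no longer on disk
    unknown_owner: bool  # HijackThis printed "Unknown owner" for the entry


def parse_entries(log_text):
    """Return the registry/startup/service entries of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            orphaned=bool(ORPHAN_RE.search(body)),
            unknown_owner=" - Unknown owner - " in body,
        ))
    return entries


def review_queue(entries):
    """Return (reason, entry) pairs worth a human look, in log order."""
    queue = []
    for e in entries:
        if e.orphaned:
            # Typical leftover of an uninstalled product; harmless but stale.
            queue.append(("target file absent", e))
        elif e.code == "O23" and e.unknown_owner:
            # A running service whose vendor HijackThis could not name.
            queue.append(("service listed with unknown owner", e))
    return queue


def diff_scans(before_text, after_text):
    """Return (added, removed) entries between two scans as (code, body) tuples."""
    before = {(e.code, e.body) for e in parse_entries(before_text)}
    after = {(e.code, e.body) for e in parse_entries(after_text)}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    for reason, entry in review_queue(parse_entries(SAMPLE_LOG)):
        print(f"{entry.code:<4} {reason:<34} {entry.body}")
    added, removed = diff_scans(SAMPLE_LOG, AFTER_LOG)
    for code, body in added:
        print(f"+ {code} - {body}")
    for code, body in removed:
        print(f"- {code} - {body}")
```

A queued entry is a prompt to ask the owner what was installed or removed, as the helper does here, not a verdict that the entry is malicious.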
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 07, 2006, 02:41:13 PM
Hi there!

All steps complete so far and just to follow-up on a few questions; I did uninstall McAfee Antivirus at one time.

Both Spamkiller and SpamButcher seem to be working ok. However AVG Email Scanner is going non-stop especially when I boot up but it NEVER goes off and I never had that problem with AVG before.

(Another minor problem I'm having lately is scrolling up with my mouse and notice that the scrolling is almost delayed or slow motion when the page scrolls up)


Here is the Hijackthis log you requested:

ABF Outlook Express Backup
Ad-Aware SE Professional
Address Book Recovery 1.1.1
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Photoshop 7.0
Alcohol Soft - Alcohol 120% Toolbar
Alcohol Toolbar
aspi
AVG Anti-Virus 7.1
BitTorrent 4.20.4
Canon CanoCraft CS-P 3.7
Canon ScanGear Toolbox CS
CardRecovery
CCHelp
CCleaner (remove only)
CCScore
CleanUp!
CR2
CuteFTP
DAEMON Tools
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.5
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
ffdshow
Google Desktop Search
Google Toolbar for Firefox
Hide IP Platinum 2.5
HijackThis 1.99.1
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite Resurrection 0.0.8
K-Lite Codec Pack 2.72 Full
Kodak EasyShare software
KSU
LimeWire 4.9.28
MailWasher Free
McAfee.com SecurityCenter
McAfee.com SpamKiller
Mercury
Messenger Plus! 3 & Sponsor
MessengerDiscovery 3.0.0
Microsoft DirectX Transform optional components
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
Musicmatch® Jukebox
Nero 6 Demo
Notifier
NVIDIA Windows 2000/XP Display Drivers
OE-Mail Recovery 1.7.6
Opera
OTtBP
Outlook Express Backup Genie v1.8
PCDLNCH
PCFriendly
PCI Audio Applications
PCI Audio Driver
Picasa 2
PowerDVD
QuickTime
Real Alternative 1.43
Registry Mechanic 5.0
RegistryFix v5.5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SFR2
SpamButcher
Spybot - Search & Destroy 1.3
Spyware Doctor 3.8
TopMail
Ulead DVD MovieFactory 2
Ulead Photo Express 2.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VideoLAN VLC media player 0.8.4a
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
winqfx16bit
WinRAR archiver
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm Pro



And I'm not using a legit copy of XP and because I did an update I get this awful annoying icon the same place I type in my password to log in to xp! It says "As for genuine microsoft software" and it times out after to request software and I just click notify me later button this all before I can log in my password to xp


Thanks again and I'll be stepping away for a bit but checking back periodically!
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 07, 2006, 06:10:43 PM
Can you do the following
I want you to disable your spyware protection with SpywareDoctor and keep it disabled until I inform you otherwise

To deactivate Spyware Doctor's OnGuard Tools

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

I would like to disable your filesharing programs from running on startup and see if it has anything to do with conflicting with AVG email scanner
Could be a port conflict

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/remove programs and remove
Spybot - Search & Destroy 1.3

Reboot your computer

Back in Windows
Download and Install Spybot 1.4 from
HERE (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
 
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

Reboot the computer if any Red entries were fixed

Back in Windows
Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please DO NOT select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't.

Download and save to desktop
F-Secure Blacklight (blbeta.exe) (https://europe.f-secure.com/exclude/blacklight/blbeta.exe)

    Double click to run blbeta.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log". Please post that log.

Is AVG's email scanner actually scanning a download?
Does it give any indication what it's doing?

Quote
And I'm not using a legit copy of XP and because I did an update I get this awful annoying icon
Of course, the best course of action to resolve this is to purchase a legit license online
Or buy a legit copy of Windows and do a clean installation
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 03:06:03 AM
Try this again...

I couldn't post the entire reply in one message so I have to break it up into different parts:

Here is Part 1

Hello...

First, I simply deleted Spyware Doctor and that was the end of that!


New spybot installed etc...


I followed all the instructions however, I could not locate O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

when I performed hijack this and a "System scan only"  here is that log:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:36 AM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Al\Desktop\gmer.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Part 2  and the GMER split up in parts because it won't all fit in one post....
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 03:45:07 AM
[quote name='The Napster' post='170417' date='Aug 8 2006, 02:06 AM']Try this again...

I couldn't post the entire reply in one message so I have to break it up into different parts:

Here is Part 1

Hello...

First, I simply deleted Spyware Doctor and that was the end of that!
New spybot installed etc...
I followed all the instructions however, I could not locate O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

when I performed hijack this and a "System scan only"  here is that log:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:36 AM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Al\Desktop\gmer.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Part 2  and the GMER split up in parts because it won't all fit in one post....[/quote]


Well having nothing but problems posting the entire GMER log so maybe tomorrow you can help me with this or I can send you the txt in an email...

Thanks.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 04:16:58 AM
I hope you followed my instructions with GMER
Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please DO NOT select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

Also, I need you to post the log from F-Secure Blacklight

Don't quote anything you already posted
Use the space to post the logs!
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 09:46:16 AM
Hi there.

I did follow the instructions like you said regarding GMER and I didn't select "show all" during the scan.

The txt is so long it wouldn't let me paste the entire log here and I had problems continuing to paste the rest of it here, I can't figure out why?

Can I send you the file of the log to you in an email? You can pm me your email that would be great!

Here is the log from BlackLight:

08/08/06 03:13:01 [Info]: BlackLight Engine 1.0.42 initialized
08/08/06 03:13:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/08/06 03:13:01 [Note]: 7019 4
08/08/06 03:13:01 [Note]: 7005 0
08/08/06 03:13:03 [Note]: 7006 0
08/08/06 03:13:03 [Note]: 7011 924
08/08/06 03:13:04 [Note]: 7026 0
08/08/06 03:13:04 [Note]: 7026 0
08/08/06 03:13:13 [Note]: FSRAW library version 1.7.1019
08/08/06 03:18:23 [Note]: 7007 0
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 10:17:32 AM
I tried to post the entire GMER log again, the log is far too long and the only way I can do it is if I send it to you in an email unless you can suggest something else, thanks.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 10:47:48 AM
Either zip up the file and when you add reply
Beside file attachments>>Use the browse button and navigate to the file
Right click on it and Select it
Then click the Add this Attachment button

Or don't try and copy>>Paste the whole log at once
Use multiple replies to post the log
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 11:16:50 AM
[quote name='guestolo' post='170654' date='Aug 8 2006, 09:47 AM']Either zip up the file and when you add reply
Beside file attachments>>Use the browse button and navigate to the file
Right click on it and Select it
Then click the Add this Attachment button

Or don't try and copy>>Paste the whole log at once
Use multiple replies to post the log[/quote]


I tried posting it multiple times and it won't allow me to so here is the attachment, thanks again.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 11:33:17 AM
Both those logs look ok
I'm concerned maybe it's a problem with ZoneAlarm Pro email security and AVG's email scanner

Can you check and see if ZA has email security operable, if so, shut it down and see what happens

Is the email scanner for AVG still going?
What does it appear to be scanning?
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 11:59:29 AM
[quote name='guestolo' post='170671' date='Aug 8 2006, 10:33 AM']Both those logs look ok
I'm concerned maybe it's a problem with ZoneAlarm Pro email security and AVG's email scanner

Can you check and see if ZA has email security operable, if so, shut it down and see what happens

Is the email scanner for AVG still going?
What does it appear to be scanning?[/quote]


I've disabled email security inbound and outbound in Zone Alarm.

I've come to the conclusion that AVG email scanner ONLY seems to run continuously when I start McAfee Spamkiller because it's connected to my pop email server and therefore once Spamkiller starts up it takes a while to go through emails and AVG runs and scans at the same time.

Other than that, do you see any viruses or problems in the log?

Thanks
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 12:22:12 PM
I'm just left concerned about these entries in your log
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)

May indicate that the programs were uninstalled and leftovers or not working quite right

Did you have McAfee anti-virus installed at one time or another
If so what version?
I see McAfee Security center still in your add/remove programs
What version of Spamkiller do you have installed?
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 12:33:27 PM
[quote name='guestolo' post='170699' date='Aug 8 2006, 11:22 AM']I'm just left concerned about these entries in your log
Did you have McAfee anti-virus installed at one time or another
If so what version?
I see McAfee Security center still in your add/remove programs

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)[/quote]


I did have McAfee AV installed by someone a while ago and I believe it was 2005 version? I could be wrong.

That McAfee Security center is part of the McAfee spamkiller I have now.
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 12:46:59 PM
By the looks of those 2 entries, I don't think everything with it is running correctly

Would you like to try the following to see if it helps
Go to this link
http://tools.mcafeehelp.com/doc.php?siteid=1&docid=71541&support=ts
and look under
Manual Uninstall of VirusScan
Run the manual uninstaller with directions given

Next, I would proceed with removal of Spamkiller and Security Center in Add/Remove and
Reboot again

Post a fresh hijackthis log
Don't reinstall Spamkiller yet, let's make sure your log looks good

I would try the above, as mentioned, parts of the log indicate issues that need resolved
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 02:48:37 PM
[quote name='guestolo' post='170713' date='Aug 8 2006, 11:46 AM']By the looks of those 2 entries, I don't think everything with it is running correctly

Would you like to try the following to see if it helps
Go to this link
http://tools.mcafeehelp.com/doc.php?siteid=1&docid=71541&support=ts
and look under
Manual Uninstall of VirusScan
Run the manual uninstaller with directions given

Next, I would proceed with removal of Spamkiller and Security Center in Add/Remove and
Reboot again

Post a fresh hijackthis log
Don't reinstall Spamkiller yet, let's make sure your log looks good

I would try the above, as mentioned, parts of the log indicate issues that need resolved[/quote]

In my Add or Remove programs I only have McAfee Security Center and McAfee Spamkiller... I do not have McAfee VirusScan on its own if that is what you're referring to, I assure you of this unless it's hidden somewhere.

I have removed Spamkiller and the Security Center

I also removed spambutcher it seems like it's nothing more than spyware...

Here's the latest Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 3:46:56 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 02:50:45 PM
Did you run the manual uninstaller from McAfee's

Was Security Center the last thing you uninstalled?
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 05:34:38 PM
[quote name='guestolo' post='170846' date='Aug 8 2006, 01:50 PM']Did you run the manual uninstaller from McAfee's

Was Security Center the last thing you uninstalled?[/quote]


I removed the program from add/remove programs

The spambutcher was the last thing I removed
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 06:03:23 PM
OK, that means you didn't follow the instructions I posted
It was important you follow them

Please do the following
Go to START>>All Programs>>accessories>>system tools>>system restore
Create a new restore point
Name it and then click Create
Exit out of there after

Download and save this file to your desktop
VSCleanupTool.exe (http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe)

Double click on the tool
# The removal tool will schedule and display a time when the removal process will begin.
Note: The displayed time should be within one minute of the current system time shown in the bottom right side of the screen.
# Removal will begin at the displayed time.
# During this process, several icons will be created on your desktop. All of these new icons, except one, will be removed when the uninstall is complete and the computer has been restarted. The file mccleanup.log will remain on the desktop. Once you have verified the removal was successful, you can delete this file.
# When finished, the following message will be displayed: The machine must reboot to complete the uninstallation. Reboot now?
# Press "Y" on your keyboard to restart your computer and complete the removal process.

Back in Windows
Go to START>>Run>>type in
regedit
Hit OK
Manually navigate to the following
1)Click (+) next to HKEY_CURRENT_USER.
2)Click (+) next to Software.
3)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
4)Click (+) next to HKEY_LOCAL_MACHINE.
5)Click (+) next to Software.
6)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
Exit the Registry editor

Navigate to the following folder and delete if found
C:\Documents and Settings\All Users\Application Data\McAfee.com <-this folder if found
also remove these ones if found
C:\Program Files\McAfee <-folder
C:\Program Files\McAfee.com <-folder

Reboot the computer one more time
come back here and post a fresh hijackthis log
It's important that you follow ALL the instructions I posted above
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 09:35:00 PM
[quote name='guestolo' post='170996' date='Aug 8 2006, 05:03 PM']OK, that means you didn't follow the instructions I posted
It was important you follow them

Please do the following
Go to START>>All Programs>>accessories>>system tools>>system restore
Create a new restore point
Name it and then click Create
Exit out of there after

Download and save this file to your desktop
VSCleanupTool.exe (http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe)

Double click on the tool
# The removal tool will schedule and display a time when the removal process will begin.
Note: The displayed time should be within one minute of the current system time shown in the bottom right side of the screen.
# Removal will begin at the displayed time.
# During this process, several icons will be created on your desktop. All of these new icons, except one, will be removed when the uninstall is complete and the computer has been restarted. The file mccleanup.log will remain on the desktop. Once you have verified the removal was successful, you can delete this file.
# When finished, the following message will be displayed: The machine must reboot to complete the uninstallation. Reboot now?
# Press "Y" on your keyboard to restart your computer and complete the removal process.

Back in Windows
Go to START>>Run>>type in
regedit
Hit OK
Manually navigate to the following
1)Click (+) next to HKEY_CURRENT_USER.
2)Click (+) next to Software.
3)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
4)Click (+) next to HKEY_LOCAL_MACHINE.
5)Click (+) next to Software.
6)Under Software look for any entries like McAfee, McAfee.com and Network Associates if found delete them.
Exit the Registry editor

Navigate to the following folder and delete if found
C:\Documents and Settings\All Users\Application Data\McAfee.com <-this folder if found
also remove these ones if found
C:\Program Files\McAfee <-folder
C:\Program Files\McAfee.com <-folder

Reboot the computer one more time
come back here and post a fresh hijackthis log
It's important that you follow ALL the instructions I posted above[/quote]


I'm not sure what happened before but I did follow all your instructions and I always check it over twice to make sure.

Here is the new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:27 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 09:38:05 PM
Can you do me a favor, I just want to ensure that those 2 entries are removed before we carry on
Download:  Registry Search Tool from this link, it's a very small download
http://billsway.com/vbspage/
You will have to scroll down to see it

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

mcupdmgr.exe

Wait for the results and post them back here
Do the same for this entry please
MCVSRte
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 08, 2006, 10:27:32 PM
[quote name='guestolo' post='171132' date='Aug 8 2006, 08:38 PM']Can you do me a favor, I just want to ensure that those 2 entries are removed before we carry on
Download:  Registry Search Tool from this link, it's a very small download
http://billsway.com/vbspage/
You will have to scroll down to see it

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

mcupdmgr.exe

Wait for the results and post them back here
Do the same for this entry please
MCVSRte[/quote]


Here is the 1st result for mcupdmgr.exe

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "mcupdmgr.exe" 8/8/2006 11:21:50 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FA23F184-7C0B-44f1-87DD-6784697C8EFD}]
@="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FA23F184-7C0B-44f1-87DD-6784697C8EFD}]
"LocalService"="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3A036FA-DA7D-45e2-AE16-6CADAAE5D75E}]
@="McUpdMgr.Exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcupdmgr.exe\Enum]
"0"="Root\\LEGACY_MCUPDMGR.EXE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCUPDMGR.EXE\0000]
"Service"="mcupdmgr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\Enum]
"0"="Root\\LEGACY_MCUPDMGR.EXE\\0000"


And now for   MCVSRte

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "MCVSRte" 8/8/2006 11:25:39 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCVSRte\Enum]
"0"="Root\\LEGACY_MCVSRTE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCVSRTE\0000]
"Service"="MCVSRte"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCVSRte\Enum]
"0"="Root\\LEGACY_MCVSRTE\\0000"
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 08, 2006, 11:12:24 PM
Can you do the following
From the bottom of this reply box, download>>Save and then unzip to desktop
remove.zip so you now have remove.reg extracted to your desktop

Do a "System scan only" with Hijackthis and put a check next to these entries:

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot into safe mode
In safe mode
Double click on remove.reg and allow to add/merge to the registry at the prompt

Reboot back to Normal mode
Post a fresh hijackthis log

If everything goes alright we just have some final steps then we can deal with your last problem
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 09, 2006, 12:49:39 AM
[quote name='guestolo' post='171200' date='Aug 8 2006, 10:12 PM']Can you do the following
From the bottom of this reply box, download>>Save and then unzip to desktop
remove.zip so you now have remove.reg extracted to your desktop

Do a "System scan only" with Hijackthis and put a check next to these entries:

O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot into safe mode
In safe mode
Double click on remove.reg and allow to add/merge to the registry at the prompt

Reboot back to Normal mode
Post a fresh hijackthis log

If everything goes alright we just have some final steps then we can deal with your last problem[/quote]


Everything is completed and here is the latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:48:35 AM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
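The fresh log requested after the fix is there so the two checked O23 entries can be confirmed gone with nothing else changed. As an added example (not part of the thread and not a HijackThis feature), this Python script does that comparison on abbreviated excerpts of the two logs posted above; the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Suffixes HijackThis appends when the file an entry points at does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Abbreviated excerpts of the logs in this thread (before and after the fix).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# The two entries the helper asked to tick before "FIX CHECKED".
TARGETS = [
    "O23 - Service: mcupdmgr.exe - LT - (no file)",
    "O23 - Service: MCVSRte - LT - (no file)",
]


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphans(entries):
    """Entries whose target file is absent: leftovers worth a closer look."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def verify_fix(before_log, after_log, fixed_lines):
    """Check that the fixed entries are gone and nothing else changed."""
    before = set(parse_entries(before_log))
    after = set(parse_entries(after_log))
    targets = set(parse_entries("\n".join(fixed_lines)))
    return {
        "fixed": sorted(targets - after),          # targets no longer listed
        "remaining": sorted(targets & after),      # targets that survived
        "unexpected_removed": sorted((before - after) - targets),
        "new": sorted(after - before),             # entries that appeared
    }


if __name__ == "__main__":
    for section, body in orphans(parse_entries(BEFORE)):
        print("orphan before fix:", section, "-", body)
    for key, value in verify_fix(BEFORE, AFTER, TARGETS).items():
        print(key, value)
```
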
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 09, 2006, 12:53:48 AM
That looks good :)
Now let's see what happens when you reinstall Spamkiller
I assume you want to reinstall it

Go back ahead and reinstall Spamkiller if you want it
After installation reboot the computer then come back here and post one last hijackthis log please

Napster, I'm off to bed for the evening then work tomorrow
I'll be back on to see your new hijackthis log tomorrow then we'll deal with that other problem

How's everything running on your end, besides the popup on login or logoff
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 09, 2006, 07:41:30 PM
[quote name='guestolo' post='171294' date='Aug 8 2006, 11:53 PM']That looks good :)
Now let's see what happens when you reinstall Spamkiller
I assume you want to reinstall it

Go back ahead and reinstall Spamkiller if you want it
After installation reboot the computer then come back here and post one last hijackthis log please

Napster, I'm off to bed for the evening then work tomorrow
I'll be back on to see your new hijackthis log tomorrow then we'll deal with that other problem

How's everything running on your end, besides the popup on login or logoff[/quote]


Great!

I'm going to leave spamkiller off my computer because it seems the more programs I install like this the more problems I have. So, I assume you won't need another hijackthis log since I'm not installing it?

Everything is running a lot better and it couldn't happen without your help, thank you so much!

Yes, that annoying pop up during startup is starting to bug me now! :angry:
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 09, 2006, 10:58:53 PM
Sorry for the delay, can you do the following please

If everything is running better
We should flush all your restore points msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

                 
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Setting your AV to Autoupdate is a very smart move

*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Update and do scans with your Anti-Spyware programs on a regular basis

I will PM you in a bit :P
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 10, 2006, 11:21:06 PM
Here's the latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:19:02 AM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 10, 2006, 11:47:57 PM
Looking good, any problems?
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: The Napster on August 11, 2006, 12:02:40 AM
[quote name='guestolo' post='172781' date='Aug 10 2006, 10:47 PM']Looking good, any problems?[/quote]


That was quite the journey! :o


Thanks for all your help!
Title: Virus-Worm/VB.SO -Hijackthis Log
Post by: guestolo on August 11, 2006, 12:05:46 AM
You're welcome Napster
I take it there are no further problems
I'll lock this topic then
Take care :)