Post by: hie on December 09, 2006, 10:12:39 PM
Theres my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:11:15 PM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\AOL\1128897297\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1128897297\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128897297\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\john.GENARDONE\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html (http://\"http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com\")
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128897297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe usb496.dat,Execute
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [0ce80c5c.dll] RUNDLL32.EXE 0ce80c5c.dll,b 38213156
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [{5E-E5-59-93-ZN}] c:\windows\system32\dwdsregt.exe CORN004
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - HKCU\..\Run: [uzii] C:\PROGRA~1\COMMON~1\uzii\uziim.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\Email RemovedEXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program (http://\"http://file:///C:\Program\") Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/229?cdebd562e107428da4af1da7a63b04a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/230?cdebd562e107428da4af1da7a63b04a
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program (http://\"http://file:///C:\Program\") Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program (http://\"http://file:///C:\Program\") Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program (http://\"http://file:///C:\Program\") Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab (http://\"http://www.musicnotes.com/download/mnviewer.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.Email (http://\"http://by106fd.bay106.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128896977350 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128896977350\")
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab (http://\"http://cabs.elitemediagroup.net/cabs/mediaview.cab\")
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab (http://\"http://webcamnow.com/broadcast/ActiveXWebCam.cab\")
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab (http://\"http://www.sibelius.com/download/software/win/ActiveXPlugin.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
Thanks again.
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on December 09, 2006, 10:23:02 PM
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the log please
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
+++Also, Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: hie on December 10, 2006, 12:12:04 AM
ComboFix:
john - 06-12-09 21:01:32.28 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\john.GENARDONE\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))
2006-11-25 19:02 <DIR> d-------- C:\Documents and Settings\john.GENARDONE\Application Data\Opera
2006-11-25 19:01 <DIR> d-------- C:\Program Files\Opera
2006-11-24 18:54 65,536 --a------ C:\WINDOWS\IFinst27.exe
2006-11-24 13:32 <DIR> d-------- C:\Documents and Settings\john.GENARDONE\Application Data\Yahoo!
2006-11-18 19:04 <DIR> d-------- C:\72252eeb23b86bcf9a2607
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-09 20:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-09 18:47 -------- d-------- C:\Documents and Settings\john.GENARDONE\Application Data\Free Download Manager
2006-11-29 11:47 -------- d-------- C:\Program Files\Viewpoint
2006-11-24 14:17 -------- d-------- C:\Program Files\WinRAR
2006-11-24 12:53 -------- d-------- C:\Program Files\Triggersoft
2006-11-18 19:02 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-10-31 16:12 -------- d-------- C:\Program Files\AOD
2006-10-28 18:14 -------- d-------- C:\Documents and Settings\john.GENARDONE\Application Data\Winamp
2006-10-26 23:27 -------- d-------- C:\Program Files\Winamp
2006-10-18 06:09 230454 --a------ C:\Documents and Settings\john.GENARDONE\Application Data\2.bmp
2006-10-18 06:09 230454 --a------ C:\Documents and Settings\john.GENARDONE\Application Data\1.bmp
2006-10-13 04:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-09 18:17 -------- d-------- C:\Documents and Settings\john.GENARDONE\Application Data\Xfire
2006-09-24 01:33 8224 --a--c--- C:\Documents and Settings\john.GENARDONE\Application Data\GDIPFONTCACHEV1.DAT
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Aim6"=""
"uzii"="C:\\PROGRA~1\\COMMON~1\\uzii\\uziim.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Nero PhotoShow Media Manager"="C:\\PROGRA~1\\Nero\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"ProxyWay"="C:\\Program Files\\ProxyWay\\proxyway.exe"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\Email RemovedEXE\" -b"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1128897297\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcupdate.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortEmail Removedexe\" -Run"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Iomega Automatic Backup 1.0.1"="C:\\Program Files\\Iomega\\Iomega Automatic Backup\\ibackup.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iPodManager"="C:\\Program Files\\iPod\\bin\\iPodManager.exe"
"Advanced Message Server"="rundll32.exe usb496.dat,Execute"
"LaunchList"="C:\\Program Files\\Pinnacle\\Studio 8\\LaunchList.exe"
"Win32"="C:\\Win32\\dll\\Win32k.exe -starthide C:\\Win32\\dll\\Win32.exe -local"
"0ce80c5c.dll"="RUNDLL32.EXE 0ce80c5c.dll,b 38213156"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"WinSSHD Activation State Checker"="\"C:\\Program Files\\Bitvise WinSSHD\\WinsshdActStateCheck.exe\""
"{5E-E5-59-93-ZN}"="c:\\windows\\system32\\dwdsregt.exe CORN004"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000090
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GENARDONE-john).job
C:\WINDOWS\tasks\McAfee.com Update Check (GENARDONE-dimitri).job
C:\WINDOWS\tasks\McAfee.com Update Check (GENARDONE-fabienne).job
C:\WINDOWS\tasks\McAfee.com Update Check (GENARDONE-john).job
C:\WINDOWS\tasks\McAfee.com Update Check (GENARDONE-michael).job
C:\WINDOWS\tasks\McAfee.com Update Check (GENARDONE-pierrick).job
Completion time: 06-12-09 21:06:20.62
C:\ComboFix.txt ... 06-12-09 21:06
And heres my uninstall manager:
(Main Game) Lightside - Legend Ragnarok Online
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.5
Adobe® Photoshop® Album Starter Edition 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Deskbar
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AV Voice Changer Software DIAMOND 4.0
AVG Free Edition
Bitvise WinSSHD 4.12 (remove only)
BPM-Studio 4 Demo
CAM UnZip 4.0
CleanUp!
Collab
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Creative WebCam Instant Driver (1.01.02.0729)
Dell Support
Droppix Recorder
ewido anti-malware
FL Studio 5
Google Earth
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
ijji - Gunz
Iomega Automatic Backup
iPod for Windows
iPod for Windows User Guide 2.0
iPod Software Updater
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Ludiclub.com
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Office 97, Professional Edition
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Mozilla Firefox (2.0)
MP3 Folders
MSN Messenger 7.5
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Native Instruments Traktor DJ Studio 2 Demo
NVIDIA Display Driver
oggcodecs
Opera 9.02
Power Tab Editor 1.7
Pure Networks Port Magic
QuickTime
Ragnarok Sakray
Rand McNally Route Planner
RealPlayer Basic
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sibelius Scorch
Sony ACID Pro 5.0
Spybot - Search & Destroy 1.4
Studio 8
Ulead VideoStudio 8.0 Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Win32
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Related
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer
YAMAHA Digital Music Notebook
YAMAHA Musicsoft Downloader 5
ZoneAlarm
Thanks again`~
Post by: guestolo on December 10, 2006, 10:14:26 AM
You Have McAfee's and AVG installed
Decide which you like best and uninstall the other
Reboot the computer afterwards
Back in Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html (http://\"http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html (http://\"http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com (http://\"http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com\")
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe usb496.dat,Execute
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [0ce80c5c.dll] RUNDLL32.EXE 0ce80c5c.dll,b 38213156
O4 - HKLM\..\Run: [{5E-E5-59-93-ZN}] c:\windows\system32\dwdsregt.exe CORN004
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - HKCU\..\Run: [uzii] C:\PROGRA~1\COMMON~1\uzii\uziim.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab (http://\"http://cabs.elitemediagroup.net/cabs/mediaview.cab\")
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Go back to Add/remove programs and remove the following
J2SE Runtime Environment 5.0 Update 6
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Win32
Finally, if your still running the free version of
ewido anti-malware
Remove it also, we're going to update this in a bit
REboot the computer again
Back in Windows
Update your version of Java, I had you uninstall it earlier, older versions allow malware to exploit holes that can infect your system
==Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 (http://\"http://java.sun.com/javase/downloads/index.jsp\")
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation Multi-language
Double click on the installer and follow the prompts for installation
After it is installed, you can delete the installer from desktop
You have CleanUp! installed
Can you run it and let it clean your temp files, cookies please
Afterwards
Download>>Install [color=\"#000099\"]AVG Anti-Spyware 7.5[/color] (http://\"http://www.ewido.net/en/download/\") from Ewido networks
- Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
Select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- An AVG icon will be placed in your system tray next to your clock, can you right on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"
[/list]Reboot the computer
Come back here and post one more hijackthis log and the report from AVG antispyware please
Post by: hie on December 10, 2006, 03:23:55 PM
"
But instead i found :
"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
This it the samething, and should i delete it?
Post by: guestolo on December 11, 2006, 12:04:12 AM
That entry is legit, just what I asked you to check if found please
If you can't complete a step, move forward
Let me know what you couldn't accomplish when you post back with the logs
Post by: hie on December 22, 2006, 06:27:40 PM
AVG Anti-Spyware report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:55:46 PM 12/20/2006
+ Scan result:
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Netscape\Netscape\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\kruko.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qwinosag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qwinosai.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rndsregn.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\uzii\uziid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\adsetup.exe -> Dropper.Agent.abb : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\dimitri.GENARDONE\Application Data\Mozilla\Firefox\Profiles\jccv7aik.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\dimitri.GENARDONE\Application Data\Mozilla\Firefox\Profiles\jccv7aik.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.150:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.161:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.69:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\john@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.213:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.212:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.216:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.217:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.166:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.167:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.168:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.169:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\john@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.197:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.34:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\dimitri.GENARDONE\Application Data\Mozilla\Firefox\Profiles\jccv7aik.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.255:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.256:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.257:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.258:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.238:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.10:C:\Documents and Settings\dimitri.GENARDONE\Application Data\Mozilla\Firefox\Profiles\jccv7aik.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.222:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.251:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.28:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.29:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.163:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.164:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.165:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\john@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.342:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.121:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.124:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.127:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.128:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.129:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.130:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.297:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.144:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.147:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.89:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.90:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.91:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.92:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.93:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.125:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.131:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.132:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.133:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\john@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.52:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.53:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.54:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.55:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.56:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\john@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\john.GENARDONE\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.252:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.253:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.254:C:\Documents and Settings\john.GENARDONE\Application Data\Mozilla\Firefox\Profiles\hvf8ao1m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Z2VuYXJk\tZpRsrL4.vbs -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
New HJT report:
Logfile of HijackThis v1.99.1
Scan saved at 3:26:43 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1128897297\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
c:\program files\common files\aol\1128897297\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128897297\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\john.GENARDONE\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com (http://\"http://www.yahoo.com\")
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128897297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/229?cdebd562e107428da4af1da7a63b04a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/230?cdebd562e107428da4af1da7a63b04a
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab (http://\"http://www.musicnotes.com/download/mnviewer.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.Email (http://\"http://by106fd.bay106.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128896977350 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128896977350\")
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab (http://\"http://webcamnow.com/broadcast/ActiveXWebCam.cab\")
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab (http://\"http://www.sibelius.com/download/software/win/ActiveXPlugin.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab (http://\"http://www.tricksteronline.com/control/tricksterActiveX.cab\")
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab (http://\"http://www.tricksteronline.com/control/KALogoutComponent.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
Anyway.. sorry again for the long wait and Thanks for helping me out.
Post by: guestolo on December 23, 2006, 11:50:05 AM
Post by: hie on December 23, 2006, 08:30:47 PM
Thanks alot for your help.
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />