« previous next »
Pages: [1]

Author Topic: All kinds of problems :(  (Read 400 times)

Offline utlawag

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
All kinds of problems :(
« on: March 05, 2006, 12:17:30 AM »
Well my fiance has recently joined myspace.com and I think she has been downloading crap because my computer has been having major problems with pop-ups and browser hijackers lately. Particularly winfixer and one from amaena.com.

Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:39 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.yahoo.com/java/y/mlbst8296_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/315695f521de34de3705/...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


I can have downloaded VundoFix if I need to run that as well...

Any help is greatly appreciated
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
All kinds of problems :(
« Reply #1 on: March 05, 2006, 12:20:55 AM »
Please download [color=\"red\"]VundoFix.exe[/color][/url] to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline utlawag

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
All kinds of problems :(
« Reply #2 on: March 05, 2006, 12:42:05 AM »
VundoFix.txt:

VundoFix V4.2.28
Scan started at 11:37:02 PM 3/4/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.bak1

C:\WINDOWS\SYSTEM32\bccdd.bak1
C:\WINDOWS\SYSTEM32\bccdd.ini
C:\WINDOWS\SYSTEM32\ddccb.dll
 Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak1 Has been deleted!

Performing Repairs to the registry.
Done!


New HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:57 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.yahoo.com/java/y/mlbst8296_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/315695f521de34de3705/...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
All kinds of problems :(
« Reply #3 on: March 05, 2006, 12:54:26 AM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/315695f521de34de3705/...ip/RdxIE601.cab
You can tick any other 016 entry you don't recognize
They will be reinstalled if needed

Additionally, I would tick the next ones too, there not needed on startup
Programs work fine without them

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows, too double check to ensure you are clean
==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
    Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Post back here a fresh Hijackthis log and the Ewido report
Let me know how things are running
Do you use either Spybot 1.4 or Ad-aware Se personal 1.06???
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline utlawag

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
All kinds of problems :(
« Reply #4 on: March 05, 2006, 04:24:35 AM »
Computer is running much better now. Thank you so much!

I use both adaware and spybot, will start use ewido as well as it caught some the others did not.

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         3:22:00 AM, 3/5/2006
 + Report-Checksum:      6421A360

 + Scan result:

   C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\Cache\3D103E1Ed01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.140:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.146:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.182:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.206:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.218:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.219:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
   C:\WINDOWS\SYSTEM32\pmkjj.dll -> Adware.Virtumonde : Cleaned with backup


::Report End


HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 3:23:36 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
All kinds of problems :(
« Reply #5 on: March 05, 2006, 12:10:10 PM »
That looks better
One NOTE: Ewido removed an entry related to DigStream (Either Disney or ESPN Motion)
Would you like to keep this entry?
If not, I recommend that you enter add/remove programs and remove either
ESPN Motion or Disney motion
You can still watch videos without it, it's not needed!
Let me know please, did you intentionally install it??

*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]                          
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

                  [indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install  SpywareBlaster 3.5.1 by JavaCool[/url]  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Check for updates with your anti-spyware programs and run a scan on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Please Immunize after every update

I would hold onto Ewido also:
Ewido will become a Limited version in a couple weeks
It's still a very good scanner to update and run once a month

*Keep up to date on Windows updates
This is the most important step in keeping your system secure
If you don't set to AutoUpdate, make sure you visit Windows Updates on a regular basis
Access in Internet Explorer--TOOLS>>Windows Updates
In addition: Make sure you keep up on Microsoft Office updates
You will find a link at Windows Updates named "Office Family"

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Stay safe  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
« Last Edit: March 05, 2006, 12:10:50 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »