Computer Is Sluggish, Slow


  • This topic is locked
3 replies to this topic

#1 Ms_Mega

Ms_Mega

  • Members
  • 2 posts

Posted 13 February 2006 - 12:12 AM

I followed your instructions at: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ to the letter.

Thanks in advance for your much valued help.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:03 PM, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\LegrandCRM\LegrandPRO4.0.exe
C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Megabyte\My Documents\MS Megabyte\Business\technical\utilities\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p22.my.mud.yahoo.com/p/1.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Trunk32App] Trunk32App.exe
O4 - HKLM\..\Run: [System32DOS] System32DOS.exe
O4 - HKLM\..\Run: [System32Check] System32Check.exe
O4 - HKLM\..\Run: [CDPreLoader] CDPreLoader.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACT_APL] "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...AU_ZBzeb032YYAU
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133930947109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BE4C27AC-2F23-437E-95F7-7505DBC0937D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujicolor.com.au/en/feeders/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


#2 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 14 February 2006 - 05:52 AM

G'Day and welcome to the forum, let's try this. I understand you may have run some of these programs, but please check the configuration and run through the complete fix for me in the posted order, thanks. For your benefit this looks like the trojan: http://www.sophos.com/virusinfo/analyses/trojchasta.html
You will want to read all of that information to see what may have occurred to your system and security to repair the damage.
You may want to print the instructions and do read through them a couple of times so you will know what is coming up as you proceed.

1) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

2) ewido scan:
Please download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

3) Turn off Microsoft AntiSpyware until you finish with HJT, it will block the fix we need to make.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
(Next is not working properly with the missing file, install it again after the cleanup if you use it)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [Trunk32App] Trunk32App.exe
O4 - HKLM\..\Run: [System32DOS] System32DOS.exe
O4 - HKLM\..\Run: [System32Check] System32Check.exe
O4 - HKLM\..\Run: [CDPreLoader] CDPreLoader.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...AU_ZBzeb032YYAU

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Enable hidden files & folders... reverse the process when finished.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

You will need to use search companion to locate these items, they need to be deleted:

Trunk32App.exe >>> file

System32DOS.exe >>> file

System32Check.exe >>> file

CDPreLoader.exe >>> file


C:\Windows\Prefetch\ >>> delete everything in this folder (NOT THE FOLDER)
Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html

If you don't have a good cleaner, use this one with these instructions:
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff, make sure you do.

Restart the computer and post the ewido scan results, a new HJT log and your comments...how is the computer running now.

Cheers...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
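
The entries checked in step 4 of the reply above share a few visible traits: autorun values with no directory path, an autorun with no command, a BHO whose file is missing, and a context menu item that loads a remote URL. The following triage sketch is an added example, not part of any post and not part of HijackThis; the three rules and the names `triage`, `Finding` and `executable_of` are assumptions made for illustration, and the sample lines are copied from the log in the first post.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [Trunk32App] Trunk32App.exe
O4 - HKLM\..\Run: [System32DOS] System32DOS.exe
O4 - HKLM\..\Run: [System32Check] System32Check.exe
O4 - HKLM\..\Run: [CDPreLoader] CDPreLoader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...AU_ZBzeb032YYAU
"""

# Reasons attached to findings (labels chosen for this example).
MISSING = "target file is missing"
EMPTY = "autorun value has no command"
NO_PATH = "autorun executable has no directory path"
REMOTE = "context menu item loads a remote URL"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[([^\]]*)\] ?(.*)$")
# Either a quoted path, or everything up to the first executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I)
REMOTE_RE = re.compile(r" - (https?://\S+)$", re.I)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    name: str      # value name or item label
    reason: str


def executable_of(command):
    """Return the program part of an autorun command line, without arguments.

    Unquoted paths may contain spaces (C:\\Program Files\\...), so splitting on
    whitespace is not enough; the first executable extension ends the path.
    """
    m = EXE_RE.match(command)
    if m:
        return m.group(1) or m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def triage(log_text):
    """Return review candidates from HijackThis log text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, running processes, blanks
        section, body = entry.groups()
        label = body.split(" - ")[0]
        if body.endswith("(file missing)"):
            findings.append(Finding(section, label, MISSING))
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not checked here
            name, command = run.group(1), run.group(2).strip()
            if command in ("", "NULL"):
                findings.append(Finding(section, name, EMPTY))
            elif not re.search(r"[\\/]", executable_of(command)):
                findings.append(Finding(section, name, NO_PATH))
        elif section == "O8" and REMOTE_RE.search(body):
            findings.append(Finding(section, label, REMOTE))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.name}: {f.reason}")
```

Run over the full log in the first post, the `(file missing)` rule also matches the O9 and O18 entries that the reply left unchecked, so findings are candidates for review rather than a fix list.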

#3 Ms_Mega

Ms_Mega
  • Topic Starter

  • Members
  • 2 posts

Posted 19 February 2006 - 06:44 AM

Hi there - thank you SO MUCH for your awesome help. Those utilities are great and I am going to pass the word around about them. My computer seems slow at startup still, but I'll upgrade my RAM and see if that helps too. I wonder if you'd look at my Ewido and HJT logs now and let me know what you think?

EWIDO:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:16:06 PM, 19/02/2006
+ Report-Checksum: 3B9318BD

+ Scan result:

HKU\S-1-5-21-329068152-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.678:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.729:C:\Documents and Settings\Megabyte\Application Data\Mozilla\Firefox\Profiles\dmyewz4l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@bigpond.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfk4glczslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfk4wiajggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfk4wlcpahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfkiepdpccp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfkiohdpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfkiwhcjcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfkoqgdjggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfkyund5eep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfl4oidzmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfl4oncpcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfl4ondjkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfl4slazegp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfliamdzmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wflianczedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfliehdzcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wflielcpclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wflikhazsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfliohajkko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wflogkczsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wflookdpwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wfmyqhcpwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgkiajdpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgkiomazcho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgkoondzwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgkyeoajkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgkyepdpggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wgmichczscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjk4aidpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjk4elajggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjk4ghc5ehp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjk4wgdjalp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjk4wicjscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkoahczoaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkogpc5ccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkoohdzgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkoupdpwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkyqoc5sbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkysndjwkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjkywndpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjl4qjdjwbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjl4sidzebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjl4slajcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjliwhczsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloamcpcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloapazcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjlocjc5eco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloclczago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloejajmep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloknd5sap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloopazicq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjloslcpwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjlyckcpcbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjlyqkcpgdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmikmd5wdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmygld5mfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmyogc5aco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmyoiazadp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmyqicpweo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmyqpcpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@e-2dj6wjmyujczwep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@linkbuddies[2].txt -> TrackingCookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@marketworksinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@qantasairways.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@techrepublic.com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Megabyte\Cookies\megabyte@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup


::Report End


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:38:42 PM, on 19/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\KeirNet\K9\K9.exe
C:\Documents and Settings\Megabyte\My Documents\MS Megabyte\Business\technical\utilities\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/ind...=0&#entry237137
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACT_APL] "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133930947109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BE4C27AC-2F23-437E-95F7-7505DBC0937D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujicolor.com.au/en/feeders/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


thanks again.. you're amazing.

Yvonne

#4 pskelley

  • Staff Emeritus
  • 1,487 posts

Posted 19 February 2006 - 08:59 AM

Hi Yvonne, thanks for returning the information, looking at HJT first.

Logfile of HijackThis v1.99.1 Scan saved at 10:38:42 PM, on 19/02/2006
I missed this: R3 - Default URLSearchHook is missing. Use HJT to remove it. It is clutter left over from an old infection, but it needs to be gone.

Whoa :thumbsup: great job! Clean log! Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
http://cybercoyote.org/security/not-admin.shtml

You did well and deserve a pat on the back :flowers: If you wish to learn more about the procedure there are free schools available, just let me know.

ewido anti-malware - Scan report Created on: 10:16:06 PM, 19/02/
Why are you storing all of those Firefox cookies? Think they are chocolate chips :huh: Use this information to control them:
http://privacy.getnetwise.org/browsing/too...fdisablecookies
http://www.mozilla.org/projects/security/p..._priv_help.html
You and ewido got rid of everything you found, now a little information about ewido:
ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know good from bad, it backs up everything. In case some of the infection got into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, restart your computer and turn it back on.
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

See how you are running for 24 hours, then post to let me know all is well and I will close you up...Safe surfing...Phil

Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



