Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Diagnose


  • Please log in to reply
10 replies to this topic

#1 JackH

JackH

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 14 February 2006 - 06:27 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:22:54, on 14/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\54 Mbps WLAN\WLANMON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [FLMBELKINMOUSE] C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCguard] C:\Program Files\blueyonder\PCguard\Rps.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: 54 Mbps Wireless Configuration Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14f3a6d99a4669...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


And apologies if I've posted it in the wrong place, I was a little unsure.

Thank you,
Jack

BC AdBot (Login to Remove)

 


#2 John L

John L

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 16 February 2006 - 11:20 PM

Hello JackH and welcome to Bleeping Computer :thumbsup:

We need to move that hijack application into a better loacation, this is what i want you to do please.

Double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
Minimize the zipfolder, and go to My Computer. Double-click on C:/, then double-click on Program Files.

In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.

Call this folder HijackThis. Double-click to open this - new - folder.
Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.

Once that is completed show me a new hijack log please. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.

Posted Image

#3 JackH

JackH
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 17 February 2006 - 12:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 17:26:13, on 17/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\54 Mbps WLAN\WLANMON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29DDF7E4-71DD-58CF-7815-A63BB0053C8B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ONEFRA~1\bytebike.exe
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [FLMBELKINMOUSE] C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCguard] C:\Program Files\blueyonder\PCguard\Rps.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [pure clock wave cool] C:\Documents and Settings\All Users\Application Data\Real Pop Pure Clock\rule deaf.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [greatmedia] C:\DOCUME~1\ADMINI~1\APPLIC~1\REFBIR~1\Hole Noun.exe
O4 - Global Startup: 54 Mbps Wireless Configuration Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14f3a6d99a4669...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe




Thank you for spending your time helping me, I appreciate it.
Jack

#4 John L

John L

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 17 February 2006 - 02:50 PM

Hello Again :thumbsup:

This is what i want you to do first please.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Then a online scan.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
When these are complete, show me the logs they generate and a new hijack log as well please. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.

Posted Image

#5 JackH

JackH
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 18 February 2006 - 03:51 PM

This is active scan-
:thumbsup:

Incident Status Location

Adware:Adware/Lop Not disinfected c:\docume~1\admini~1\applic~1\refbir~1\holeno~1.exe
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.mp3search.ru/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.inet-traffic.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.com.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.overture.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[server.iad.liveperson.net/hc/90594700]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[server.iad.liveperson.net/hc/90594700]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.go.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[hc2.humanclick.com/hc/28781733]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[sel.as-eu.falkag.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[90594700]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[90594700]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[28781733]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt[]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Ref bird dart\Hole Noun.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Ref bird dart\iuzhbrba.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Ref bird dart\SettingsTrayCdrom.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\Real Pop Pure Clock\rule deaf.exe





Ewido -
:flowers:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:26:53, 18/02/2006
+ Report-Checksum: 354B0DE2

+ Scan result:

:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cg3na0f8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP148\A0042404.exe -> Adware.Lop : Cleaned with backup


::Report End

#6 JackH

JackH
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 18 February 2006 - 03:52 PM

Here is HiJackThis latest log -

Logfile of HijackThis v1.99.1
Scan saved at 20:51:48, on 18/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\54 Mbps WLAN\WLANMON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29DDF7E4-71DD-58CF-7815-A63BB0053C8B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ONEFRA~1\bytebike.exe (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [FLMBELKINMOUSE] C:\Program Files\Belkin Mouse 1.0\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCguard] C:\Program Files\blueyonder\PCguard\Rps.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [pure clock wave cool] C:\Documents and Settings\All Users\Application Data\Real Pop Pure Clock\rule deaf.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [greatmedia] C:\DOCUME~1\ADMINI~1\APPLIC~1\REFBIR~1\Hole Noun.exe
O4 - Global Startup: 54 Mbps Wireless Configuration Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14f3a6d99a4669...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

#7 John L

John L

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 February 2006 - 02:49 PM

Hi Jack :thumbsup:

Can you please do this for me.

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.

Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.

Posted Image

#8 JackH

JackH
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 23 February 2006 - 04:00 PM

This is crap, I can't verify my windows for some reason and the OEM name HPQ can't be found, I have a licensed windows too, It has the authentic sticker.

#9 John L

John L

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 25 February 2006 - 06:25 PM

Hi Jack :thumbsup:

After some clarification we can continue.

Please show me a new hijack log and we will get to cracking on this. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.

Posted Image

#10 JackH

JackH
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 03 March 2006 - 01:01 PM

Thank you for your time and assistance..

Logfile of HijackThis v1.99.1
Scan saved at 17:59:45, on 03/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\54 Mbps WLAN\WLANMON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0809/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29DDF7E4-71DD-58CF-7815-A63BB0053C8B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ONEFRA~1\bytebike.exe (file missing)
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\280KSK~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\280KSK~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCguard] C:\Program Files\blueyonder\PCguard\Rps.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [pure clock wave cool] C:\Documents and Settings\All Users\Application Data\Real Pop Pure Clock\rule deaf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [greatmedia] C:\DOCUME~1\ADMINI~1\APPLIC~1\REFBIR~1\Hole Noun.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 54 Mbps Wireless Configuration Utility.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14f3a6d99a4669...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

#11 John L

John L

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 05 March 2006 - 04:04 PM

Hello again Jack :thumbsup:

I see we need to do some more work on this system. I'm going to recommend 2 fairly high power tools to have you run. The scan take a bit to run so be patient.

Please download WebRoot SpySweeper from here (It's a 2 week trial): http://www.webroot.com/consumer/products/s...ode=af1&rc=3597
  • Click on "Download the trial"
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
And this as well.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky.)

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", press any key to close the screen.

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Please reboot into Safe Mode. Detailed instructions on how to boot into Safe Mode Here.

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.

4.) Check the Drive box, this will give you access to the other Drive box (radio button) below it, check this second Drive box as well, now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.

7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed.

Reboot your computer into normal Windows.

While your out and about running tools i also see you have no anti virus on board, so lets get you a good free one.

AVG Free Edition

Set it up how you like it, but make sure it runs full time.

When all these scans are complete show me the logs from all please and a new hijack log as well. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users