Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected With Some Kind Of Trojan


  • This topic is locked This topic is locked
6 replies to this topic

#1 maggot

maggot

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 07 November 2006 - 02:43 AM

Hello again!. My computer has been acting funny lately. My virus watch has detected a trojan but it wont let me do anything about it. It says something like hacker trojan or hijack trojan. Can someone please look at my log and see if anything doesn't look right and possibly help me fix things I dont know about. My comp hasn't been doing too well, I just restored it ,I had some sort of spyware that made it to where a google search would pop up everytime I clicked on a link. Also, does anyone know where I can download a trojan guard type of program and a firewall? Thank you very much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:31:06 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\service32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Compaq_Owner\Desktop\114231521.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins2.progressivedirect.com/ptt/cv/CVALAX.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:19 AM

Posted 10 November 2006 - 10:44 PM

Hello maggot,

does anyone know where I can download a trojan guard type of program and a firewall?


No such thing as a "trojan guard" but a-squared Free 2.0 is a good trojan remover.

You can download a-squared Free 2.0

You run it like this:
Select the "Deep Scan" button and press the Scan button.
If malware is found, click the button "Remove Selected Malware"
and save the log file by clicking on "Save Report".
Let it delete whatever it finds.

Here are four free firewalls available for personal use. If one conflicts with your system, try another.

You Need a (Properly Configured) Firewall
Understanding and Using Firewalls

Kerio Personal Firewall

Outpost Firewall Free

Jetico Personal Firewall

ZoneAlarm
ZoneAlarm Manual - PDF format
http://download.zonelabs.com/bin/media/pdf/ZAP40_manual.pdf

If you want a registry protector, then I recommend Teatimer. It is include with Spybot 1.4


**************************


Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on ewdio in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
5. Click on "Save Report" to view all completed scans.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware 7.5


Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan).
When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :thumbsup:

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log and a  fresh Hijackthis log.

Edited by SifuMike, 10 November 2006 - 11:04 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 maggot

maggot
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 11 November 2006 - 08:39 PM

Thank you for takeing the time to help me :thumbsup:.


Here is my AVG Anti-Spyware 7.5 log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:02:29 PM 11/11/2006

+ Scan result:



C:\RECYCLER\S-1-5-21-2894947683-3184663319-3558598617-1008\Dc22.com\SSSInst\bin\SSSInst.dll -> Adware.Comet : Cleaned.
C:\Program Files\King Solomons\Install.exe -> Heuristic.Win32.Dialer : Cleaned.
:mozilla.357:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.544:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.554:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.573:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.668:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.722:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.730:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.732:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.448:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.518:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.519:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.809:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.223:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.224:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.88:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.365:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.414:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.731:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.740:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.50:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.631:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.632:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.633:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.183:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.184:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.187:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.238:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.239:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.240:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.241:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.244:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.245:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.246:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.247:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.820:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.821:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.822:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.823:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.824:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.825:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.31:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.248:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.249:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.250:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.251:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.446:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.830:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.831:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.832:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.833:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.834:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.838:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.839:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.840:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.841:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.849:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.850:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.195:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.233:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.234:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.235:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.236:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.123:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.125:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.134:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.175:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.178:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.819:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.835:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.836:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.837:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.443:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.444:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.445:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.812:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.818:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.101:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.106:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.107:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.108:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.109:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.110:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.111:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.112:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.113:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.366:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.367:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.371:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.373:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.167:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.143:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.144:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.154:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.155:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.156:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.157:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.158:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jjmz9d66.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


My new Hijack This Log -

Logfile of HijackThis v1.99.1
Scan saved at 6:23:34 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins2.progressivedirect.com/ptt/cv/CVALAX.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I tried doing the online scan but it said it failed to update, but it still scanned and didn't find anything.


Thanks again :flowers:

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:19 AM

Posted 11 November 2006 - 09:46 PM

Hi maggot,

I tried doing the online scan but it said it failed to update, but it still scanned and didn't find anything.




If it failed to update, then the scan is worthless. :thumbsup:

Restart in Normal Mode and run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction on the F-Secure page for proper installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy and Paste the entire report in your next reply.

Edited by SifuMike, 11 November 2006 - 09:59 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 maggot

maggot
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 12 November 2006 - 02:18 AM

Here is my F-secure online scanner report -


Scanning Report
Saturday, November 11, 2006 20:58:13 - 23:19:10

Computer name: YOUR-C44D19AF4E
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 12 malware found
Golden Palace Casino (spyware)

* System (Disinfected)

Packed.Win32.PolyCrypt.a (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\21A2306B.EXE (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System

Trojan-Clicker.Win32.Agent.hz (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4423199F.DLL (Renamed & Submitted)

Trojan-Clicker.Win32.Costrat.l (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1929692B.SYS (Renamed & Submitted)

Trojan-Clicker.Win32.Small.kj (virus)

* C:\WINDOWS\103251116180.EXE (Renamed & Submitted)

Trojan-Spy.Win32.BZub.fh (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\44304191.DLL (Renamed & Submitted)

Statistics
Scanned:

* Files: 29234
* System: 4264
* Not scanned: 179

Actions:

* Disinfected: 2
* Renamed: 4
* Deleted: 0
* None: 6
* Submitted: 5

Files not scanned:

* x‡ψΊ‡89\ASSETS\CUSTOMERS\YOUNG_FEMALE\ANIM.XML C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\YOUNG_FEMALE\YELLOW\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\YOUNG_FEMALE\RED\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\YOUNG_FEMALE\PURPLE\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\YOUNG_FEMALE\GREEN\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\YOUNG_FEMALE\BLUE\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\YELLOW\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\RED\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\PURPLE\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\GREEN\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CUSTOMERS\OLD_MALE\BLUE\ANIM.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\COOK\COOK.XML
* C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\DINERDASH.1.0.0.89\ASSETS\CONFIG\CAREER.XML
* C:\USERDATA\NTUSER.INI
* C:\USERDATA\USERDATA\KX8LCZCJ\SN[1].XML
* C:\USERDATA\TEMPLATES\WINWORD8.DOC
* C:\USERDATA\START MENU\DESKTOP.INI
* C:\USERDATA\START MENU\PROGRAMS\DESKTOP.INI
* C:\USERDATA\START MENU\PROGRAMS\STARTUP\DESKTOP.INI
* C:\USERDATA\START MENU\PROGRAMS\SPYSUBTRACT SPYWARE MANAGER\INSTALL SPYSUBTRACT.LNK
* C:\USERDATA\START MENU\PROGRAMS\PC HELP & TOOLS\PC-DOCTOR.LNK
* C:\USERDATA\START MENU\PROGRAMS\ONLINE SERVICES\EASY INTERNET SIGN-UP.LNK
* C:\USERDATA\START MENU\PROGRAMS\MORPHEUS\DOWNLOADS.LNK
* C:\USERDATA\START MENU\PROGRAMS\GAMES\DYNASTY.LNK
* C:\USERDATA\START MENU\PROGRAMS\ACCESSORIES\ADDRESS BOOK.LNK
* C:\USERDATA\START MENU\PROGRAMS\ACCESSORIES\ENTERTAINMENT\DESKTOP.INI
* C:\USERDATA\START MENU\PROGRAMS\ACCESSORIES\ACCESSIBILITY\DESKTOP.INI
* C:\USERDATA\SENDTO\DESKTOP.INI
* C:\USERDATA\RECENT\BRIMALL3 (2).LNK
* C:\USERDATA\MY DOCUMENTS\DESKTOP.INI
* C:\USERDATA\MY DOCUMENTS\MY VIDEOS\DESKTOP.INI
* C:\USERDATA\MY DOCUMENTS\MY PICTURES\DESKTOP.INI
* C:\USERDATA\MY DOCUMENTS\MY MUSIC\DESKTOP.INI
* C:\USERDATA\MY DOCUMENTS\MY MUSIC\UNKNOWN ARTIST\DESKTOP.INI
* C:\USATA\FήL›

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-10
* F-Secure AVP: 7.0.171, 2006-11-10
* F-Secure Orion: 1.2.37, 2006-11-10
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:19 AM

Posted 12 November 2006 - 11:10 AM

Hello maggot,

Let's clean up some malware and remenents of malware. :thumbsup:

Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key. If that does not work this go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.”

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


color=blue]*******************************************[/color]

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\ALCXMNTR.EXE <==file


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:19 AM

Posted 02 December 2006 - 12:35 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users