
Hijackthis Info


  • This topic is locked
22 replies to this topic

#1 yethPC

  • Members

Posted 10 March 2007 - 08:22 AM

I have this HijackThis log file but I don't have an idea how to analyze every bit of this :flowers: . Can somebody advise me which should be removed and how I will know through this file that my computer is infected with worms?
Below is the log file from HijackThis. Thanks in advance. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 6:11:17 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



#2 SifuMike

    malware expert

  • Staff Emeritus

Posted 20 March 2007 - 11:30 PM

Hello yethPC,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus. :thumbsup:

This is somewhat suicidal in today's digital world.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download one of these (all free):

Avast or
AntiVir or
AVG antivirus


Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!


******************
Download ATF (Atribune Temp File) Cleaner by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine (1); if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 20 March 2007 - 11:31 PM.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
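
The reply's first point, that no antivirus is present on the machine, can be checked against the log's "Running processes" list and its O4 (startup) and O23 (service) entries. The Python below is an added example, not part of the original thread or of HijackThis; the sample is a shortened copy of the log from post #1, and the hints in `AV_NAME_HINTS` are assumptions taken from the three product names the reply lists.

```python
import re
from collections import Counter

# Shortened copy of the HijackThis v1.99.1 log from post #1 (sample input).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:11:17 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Coded entries look like "O4 - ..." or "R0 - ...": one letter, one or two digits.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: lower-case substrings of the product names mentioned in the reply
# (Avast, AntiVir, AVG). These are name hints, not verified install paths, and
# "avg" will also match AVG Anti-Spyware, so a hit means "look closer".
AV_NAME_HINTS = ("avast", "antivir", "avg")


def parse_hijackthis(text):
    """Split a log into header lines, running processes and coded entries."""
    log = {"header": [], "processes": [], "entries": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"].append({
                "code": match.group(1),
                "detail": match.group(2),
                # HijackThis appends this marker when the target is not on disk.
                "missing": line.endswith("(file missing)"),
            })
        elif line.lower() == "running processes:":
            section = "processes"
        elif section == "processes":
            log["processes"].append(line)
        elif section == "header":
            log["header"].append(line)
        # Unrecognised lines after the first coded entry are ignored.
    return log


def antivirus_hits(log, hints=AV_NAME_HINTS):
    """Return process paths and O4/O23 entries that mention an AV name hint."""
    candidates = list(log["processes"])
    candidates += [e["detail"] for e in log["entries"] if e["code"] in ("O4", "O23")]
    return [c for c in candidates if any(h in c.lower() for h in hints)]


def missing_targets(log):
    """Return entries whose referenced file HijackThis reported as missing."""
    return [e for e in log["entries"] if e["missing"]]


def entries_by_code(log):
    """Count coded entries per section code (R0, O2, O4, ...)."""
    return dict(Counter(e["code"] for e in log["entries"]))


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("entries per code:", entries_by_code(parsed))
    print("antivirus hints found:", antivirus_hits(parsed) or "none")
    for entry in missing_targets(parsed):
        print("file missing:", entry["code"], "-", entry["detail"])
```

An empty result from `antivirus_hits` only says that nothing matching the hints was running or registered to start; it does not show that the machine is clean.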

#3 yethPC

  • Topic Starter
  • Members

Posted 22 March 2007 - 03:35 PM

Thanks.
I've already installed Avast but I did not run AVG Anti-Spyware in safe mode. I couldn't see the options under "how to scan", that was why I ran it normally.
Is it okay if I remove AVG Anti-Spyware because I have now started getting a message that my computer has very low virtual memory?
Also, Avast detected 2 corrupt files but the action I did to the first file was to delete. Was it right? Repair icon was enabled or grayed out

#4 SifuMike

    malware expert

  • Staff Emeritus

Posted 22 March 2007 - 04:41 PM

"Is it okay if I remove AVG Anti-Spyware because I have now started getting a message that my computer has very low virtual memory"

I need to see the AVG antispyware log, along with a fresh Hijackthis log, so please post them.

After you post the AVG antispyware log, then I will let you know if you can uninstall it. We may need to run it again, so just leave it there for now.

AVG antispyware should not be using any memory, as it is an "on demand" scanner; however the Guard feature (registry protector) will use some memory.
If you want to disable it (so it uses no memory):
Open AVG Antispyware and in the main window click "Resident Shield", then toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.



AVG antispyware will remove more malware in the Safe Mode than the Normal Mode, that was the reason I asked you to run it in the Safe Mode.


"Avast detected 2 corrupt files but the action I did to the first file was to delete. Was it right? Repair icon was enabled or grayed out"


Yes, that sounds right.

Edited by SifuMike, 22 March 2007 - 04:44 PM.


#5 yethPC

  • Topic Starter
  • Members

Posted 23 March 2007 - 01:06 AM

Thank you very much for all your advice.
But when will I know that a certain corrupt file can be deleted? I had no option then but to delete it because the repair icon was disabled or grayed out. What if that file I've deleted is being used by another program to run properly?
Below is the AVG Anti-Spyware scan report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:47:25 AM 3/23/2007

+ Scan result:



:mozilla.160:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.261:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.262:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.450:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.451:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.239:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.240:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.241:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.242:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.243:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.245:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.246:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.247:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.248:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.249:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.673:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.674:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.675:C:\Documents and Settings\Dolan Rodrigues\Application Data\Mozilla\Firefox\Profiles\0hogixor.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#6 yethPC


Posted 23 March 2007 - 01:08 AM

I really appreciate this. Here is the HijackThis log file.

Logfile of HijackThis v1.99.1
Scan saved at 11:05:37 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
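
A triage check for the `(file missing)` entries in the log above, as an added example that is not part of the original thread: it parses the HijackThis entry lines and cross-checks every flagged path against the "Running processes" list. The function names and verdict strings are assumptions of this example; the sample lines are copied from that log.

```python
import re

# Meaning of the HijackThis section codes that occur in the sample below.
SECTIONS = {"O2": "Browser Helper Object", "O9": "extra IE button/menu item",
            "O18": "extra protocol handler", "O23": "Windows service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Drive-letter path up to the first .exe/.dll, ignoring stray quotes and arguments.
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)

# Lines copied from the log in the post above (subset).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

def parse_log(text):
    """Return (set of lower-cased running process paths, list of entry dicts)."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif (m := ENTRY.match(line)):
            code, body = m.groups()
            path = PATH.search(body)
            entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                            "path": path.group(0) if path else None,
                            "missing": body.endswith("(file missing)")})
    return running, entries

def triage_missing(text):
    """Classify every '(file missing)' entry by cross-checking the process list."""
    running, entries = parse_log(text)
    result = []
    for e in (e for e in entries if e["missing"]):
        if e["path"] and e["path"].lower() in running:
            # Inference of this example: a running executable exists on disk.
            verdict = "process is running: likely a path-parsing artifact"
        else:
            verdict = "not running: check the path on disk before fixing the entry"
        result.append((e["code"], e["path"], verdict))
    return result
```

On this log the two avast! service entries come back as running, while the `xpnetdiag.exe` and `msgrapp.dll` entries are left for a manual check on disk.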

#7 SifuMike


Posted 23 March 2007 - 10:13 AM

Hi yethPC,


Let's run one more scanner to make sure all the malware is gone.

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

#8 yethPC


Posted 24 March 2007 - 03:11 AM

Do you mean click "stop access protection" to disable avast?

But it was saying "Could not load online scanner!" What to do?

#9 SifuMike


Posted 24 March 2007 - 12:28 PM

This site will show "Disabling avast!'s antivirus and e-mail scanning protection": AVAST
http://www.netfaqs.com/windows/AntiVirus/a...email/index.asp

Edited by SifuMike, 24 March 2007 - 12:30 PM.


#10 yethPC


Posted 25 March 2007 - 02:15 AM

Hi SifuMike!
Thanks for all the replies.
I'm sorry if I may sound too annoying in here, but I only want to know why you wanted me to disable avast. Is it the cause of the problem why the BitDefender online scanner ActiveX control does not load? Because I opened the site with avast enabled. Are they somehow related?

#11 SifuMike


Posted 25 March 2007 - 12:30 PM

"but I only want to know why you wanted me to disable avast. Is it the cause of the problem why bitdefender online scanner active x control does not load?"

No, it is because Avast may produce false positives while BitDefender is scanning. Better to be safe and disable it while BitDefender runs.

#12 yethPC


Posted 26 March 2007 - 06:28 AM

Thank you very very much, SifuMike! I really really take my hat off to you.
Here is the BitDefender report:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Mar 26, 2007 - 16:23:20

Scan Info
Scanned Files: 187065
Infected Files: 0

Virus Detected
No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

#13 SifuMike


Posted 26 March 2007 - 12:51 PM

Hi yethPC,

BitDefender came back clean, and your Hijackthis log is clean. :thumbsup:

Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis

System Restore will now be active again.




Please read and follow How did I get infected?, With steps so it does not happen again!

Edited by SifuMike, 27 March 2007 - 01:34 PM.


#14 yethPC


Posted 27 March 2007 - 07:09 AM

thanks a lot.

#15 yethPC


Posted 29 March 2007 - 10:35 AM

Is there a need now to install a firewall on my PC after all the clean-ups?



