|
Here's My Hijack Log....sysprotect etc... can anyone provide me some guidance. =)
|
|
Senior Member
|
4. May 2006 @ 04:59 |
|
Hi ALATONY.
Ok, looking good.
Fix this entry with HijackThis:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Then you're good to go =)
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ALATONY
Member
|
4. May 2006 @ 05:49 |
|
thank you so much. you are the man. any more ways on how to free up more memory
|
Senior Member
|
4. May 2006 @ 09:45 |
|
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ALATONY
Member
|
4. May 2006 @ 11:29 |
|
thanks
|
ryan8787
Newbie
|
29. June 2006 @ 15:50 |
|
Please help me!!!!!!!
Here's my HijackThis...
Logfile of HijackThis v1.99.1
Scan saved at 6:45:04 PM, on 6/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Carbon Copy Support\FXKER.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\System32\Fast.exe
C:\Documents and Settings\Dad\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\?ystem\w?nword.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\iygwg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stnbqfl.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmriqb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: (no name) - {9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - C:\WINDOWS\System32\vmor.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sroc] "C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe" -vt mt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple...
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Dad\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3084
O20 - AppInit_DLLs: inicfg32.dll ping.dll C:\WINDOWS\System32\ping.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Senior Member
|
30. June 2006 @ 07:10 |
|
@ryan8787
You got a massive malware collection there, it is a shame to destroy such a beautiful collection.. :P
Cleaning instructions:
Move HijackThis into its own folder C:\HJT
Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/
-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.
Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.
Download LSPFix -> http://www.cexx.org/lspfix.htm to your desktop.
DON'T run this program yet. This program is used only if you lost your internet connection during the cleaning.
Go to Control Panel -> Add/Remove programs -> Remove SafeSurfing, InternetOptimizer, DyFuCa, WebHancer, PuritySCAN By OIN, OuterInfo, OIN if found
If PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html
Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
-> Right-click the BFU folder on your desktop, and choose Extract All
-> Click Next
-> In the box to choose where to extract the files to,
-> Click Browse
-> Click on the + sign next to My Computer
-> Click on Local Disk ( C: ) or whatever your primary drive is
-> Click Make New Folder
-> Type in BFU
-> Click Next, and Uncheck the Show Extracted Files box and then click Finish.
RIGHT-CLICK the following link and choose "Save As" (in IE it's "Save Target As") in order to download QooFix.bat by LonnyRJones -> http://downloads.subratam.org/Lon/qooFix.bat
Save it in the same folder you made earlier (c:\BFU).
Please close ALL other open windows & explorer folders, then double-click on QooFix.bat
Choose option #1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
Download E2TakeOut.exe and unzip it to your desktop -> http://www.malwarebytes.org/E2TakeOut.zip
-> Doubleclick E2TakeOut.exe
-> Click Begin Removal
-> Wait for the scan to end
-> Restart your computer
-> A logfile should open, copy its contents to your next reply
Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo...
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\iygwg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stnbqfl.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmriqb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: (no name) - {9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - C:\WINDOWS\System32\vmor.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [Sroc] "C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe" -vt mt
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Dad\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3084
O20 - AppInit_DLLs: inicfg32.dll ping.dll C:\WINDOWS\System32\ping.dll
Fix this too if you haven't blocked access to IE settings:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml
Delete these folders (if found):
C:\Program Files\WebHancer
C:\Program Files\PurityScan
C:\Program Files\SafeSurfing
C:\Program Files\InternetOptimizer
C:\Program Files\DyFuCa
Delete these files (if found):
C:\WINDOWS\nem220.dll
C:\WINDOWS\System32\irsmriqb.dll
C:\WINDOWS\wsem303.dll
C:\WINDOWS\System32\WinNB57.dll
C:\WINDOWS\System32\vmor.dll
C:\WINDOWS\System32\adrotate.dll
C:\WINDOWS\System32\WinNB57.dll
Run ATF Cleaner -> Check select all -> Press Empty selected
-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post
Clean the Recycle bin and make your hidden files visible again.
Restart your computer normally.
Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> E2TakeOut log
(IF you lost your internet connection during the new.net removal, double-click LSPFix.exe. Check "I know what I'm doing" option. You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ryan8787
Newbie
|
1. July 2006 @ 22:30 |
|
I think that my laptop might have a minor infection. It seems to be lagging more than it used to.......would you mind taking a look at my log???
Logfile of HijackThis v1.99.1
Scan saved at 1:29:29 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Joshua\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
THANKS!!
|
Senior Member
|
1. July 2006 @ 23:39 |
|
Hi ryan8787, your laptop seems to be clean but you should install a firewall and an antivirus into it.
These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com
These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com
You can fix these with HijackThis if you want to free your memory:
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
Could you please post the logs from the first computer when you have completed the steps in my last message.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
This message has been edited since posting. Last time this message was edited on 1. July 2006 @ 23:41
|
ryan8787
Newbie
|
3. July 2006 @ 15:42 |
|
Here are all of my log files.... some of the entries that you said i needed to fix were gone when i tried..... I hope it is a little better......
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:37:24 PM 7/3/2006
+ Scan result:
C:\Recycled\NPROTECT\00252479.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Recycled\NPROTECT\00252484.DLL -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Recycled\NPROTECT\00252489.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1015\A0124742.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125577.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125773.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP942\A0111797.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP952\A0112818.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP952\A0112819.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP958\A0112848.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP958\A0112849.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP969\A0112964.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112994.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112998.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112999.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0113000.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113894.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Pocket Hosts\Hosts.MIPSH.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Recycled\NPROTECT\00252965.exe -> Adware.Agent : Cleaned with backup (quarantined).
::Report end
E2TakeOut v1.01 [http://www.malwarebytes.org]
Removed! C:\WINDOWS\System32\inicfg32.dll
Removed directory and files! C:\Program Files\E2G
Removed orphaned leftovers
AppInit key reset
Logfile of HijackThis v1.99.1
Scan saved at 6:40:40 PM, on 7/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir... (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple...
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Senior Member
|
4. July 2006 @ 08:00 |
Link to this message
|
Ok, looks quite good :)
Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, accept the agreement, click Scan, then click Next
You'll see a list of what has been found. A log will appear on your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).
DON'T choose Rename if something was found!
Post the contents of fsbl.xxxx.log here (blacklight log from your desktop)
Post a fresh HijackThis log to here too.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ryan8787
Newbie
|
10. July 2006 @ 16:33 |
Link to this message
|
Do you see anything else that could be wrong with my laptop? I haven't made it back to my other computer.....
Logfile of HijackThis v1.99.1
Scan saved at 7:32:35 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joshua\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
|
Senior Member
|
10. July 2006 @ 19:47 |
Link to this message
|
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ryan8787
Newbie
|
25. July 2006 @ 16:56 |
Link to this message
|
Hey, you've been so helpful. I really appreciate everything that you do for us. Could I bother you to look at my friend's computer's HijackThis log? Here it is....
Logfile of HijackThis v1.99.1
Scan saved at 7:55:47 PM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AS01_Netgear] C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{651FA245-75EE-4304-8696-D8D5987CFF7D}: NameServer = 24.93.41.125,24.93.41.126
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Thanks!!
|
Senior Member
|
26. July 2006 @ 10:08 |
Link to this message
|
Hi again ryan8787 :)
Yes I can have a look ;)
Are you having any problems ?
You don't seem to have a firewall on your computer. Download and install one firewall.
These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com
If you used windows firewall, disable it after installing new firewall.
Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Delete these files (if found):
C:\WINDOWS\web\related.htm
Otherwise it is looking clean :)
Your Windows and Internet Explorer are outdated.
So go to Windows Update -> http://windowsupdate.microsoft.com -> Install Service Pack 2.
-> Reboot your computer and get back to the Windows Update.
-> Install all remaining important updates that are available.
It is important to update your system because it is extremely vulnerable without updates.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
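A log-triage sketch for two checks made in the reply above (service-pack level read from the Platform line, and orphaned "(file missing)" entries), added here as an example; it is not part of the thread or of HijackThis itself. The function names, the `min_sp` threshold and the sample log are constructed for illustration, and the parser also splits entries that a forum paste has run together on one line.

```python
import re
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"       # HijackThis section codes
FUSED = re.compile(r"\s+(?=" + CODE + r" - )")    # boundary inside a run-together line
ENTRY = re.compile(r"^(" + CODE + r") - (.*)$")

# Constructed sample in the v1.99.1 layout; the URLs and GUIDs are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000000} - http://search.example.invalid/redir (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://dl.example.invalid/a.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

def parse_log(text):
    """Return header fields, running processes and (code, body) entries."""
    log = {"platform": None, "service_pack": 0, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        for line in FUSED.split(raw.strip()):     # undo entries fused onto one line
            m = ENTRY.match(line)
            if m:
                in_processes = False              # entries end the process list
                log["entries"].append((m.group(1), m.group(2)))
            elif line.startswith("Platform:"):
                log["platform"] = line.split(":", 1)[1].strip()
                sp = re.search(r"\bSP(\d+)\b", line)
                log["service_pack"] = int(sp.group(1)) if sp else 0
            elif line.startswith("Running processes:"):
                in_processes = True
            elif in_processes and line:
                log["processes"].append(line)
    return log

def review(log, min_sp=2):
    """List findings; min_sp=2 is an assumption mirroring the SP2 advice for XP."""
    findings = []
    if "Windows XP" in (log["platform"] or "") and log["service_pack"] < min_sp:
        findings.append(f"outdated: {log['platform']} (below SP{min_sp})")
    for code, body in log["entries"]:
        if body.endswith("(file missing)"):       # entry points at a file that is gone
            findings.append(f"orphaned {code}: {body}")
    return findings

print("\n".join(review(parse_log(SAMPLE_LOG))))
```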
|
ryan8787
Newbie
|
26. July 2006 @ 20:07 |
Link to this message
|
OK, Great! Just one quick question....I know that it looks like she doesn't have SP2, I saw that it doesn't show under "system". I did notice that she has some hotfixes that are for SP2. Windows update doesn't see that she doesn't have SP2. What do I do?!?! I hope that wasn't worded too weird...
|
Senior Member
|
27. July 2006 @ 07:50 |
Link to this message
|
When you enter the Windows Update, are there any updates available?
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
|
ryan8787
Newbie
|
28. July 2006 @ 19:25 |
Link to this message
|
I figured it out. I had some SP2 hotfixes installed that must have tricked Windows Update into thinking that I already had SP2.
Thanks
|
|