#1
Grinding Halt and Brief Disconnects
Hi!
During the past few weeks I have been having some trouble with my comp. It began with just the internet being weird, slowing to a grinding halt, almost to the point of disconnecting me from the net (0.1b/s on Downloads). Then the internet connection would stay active but I would be disconnected from mIRC and my downloads would freeze after about 2 mins. Now my computer has just become sluggish. explorer.exe is suddenly taking up 99 CPU on the taskmanager and doing anything becomes extremely hard to do because of the slow-down.

I have run multiple virus scans with AVGuard, Avast!, and McAfee and found no viruses. I also ran eWido, and SpyBot and found some malware but nothing lethal.

Here is my HijackThis log for anyone who may want to take a guess at what exactly seems to be going on with my rig. Thanks to all who take the time to read my post

----

Logfile of HijackThis v1.99.1
Scan saved at 4:28:09 AM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hrlphlrgjduuprnpovysmojpy...jY5nhrBRDR.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Again!
#2
Howdy Iceman87,
Some portion of a Lop infection showing there, so let's make repairs.

To avoid it interfering with infection removal, open Ewido and in the main window click "Realtime protection" (in green indicating "Active") to change to inactive. While you have it open update it (but don't scan just yet).

Next run the below uninstallers (If your AV queries the download, allow it. It's not malicious).
http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Reboot into Safe Mode (tap F8 at startup and select Safe Mode). Run Ewido now. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido. Then reboot.

Run a new scan with HijackThis, and post that and the Ewido log back here for review please.
#3
Alright I did all you asked but forgot to save the eWido report.
Here is the current HijackThis log. I am still getting all my downloads interrupted and can't download a proper 50mb file from any site without it freezing....

Thanks Tom!

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:09:21 AM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
#4
Run the Ewido Safe Mode process again, and post back the report this time please. It can now at least show what it may have trouble with. Also, do you have the free, adware bundled version of BS Player (which is a known infection source)?
#5
No I purchased the full version. Running the safe mode now, sorry for the delay, had a death in the family. Stay tuned...
Thanks Again

EDIT: Also, this is the message I am receiving in mIRC, * [10053] Software caused connection abort*

Last edited by Iceman87; May 22nd, 2006 at 08:35 AM.
#6
Latest eWido Report
#7
Latest HiJackThis Report
Logfile of HijackThis v1.99.1
Scan saved at 4:52:49 AM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Tom!

PS: I turned off the Windows Firewall and have not been disconnected from mIRC and none of my downloads have been disconnected.
#8
Could definitely be a firewall issue. Although Ewido had no finds on that second run, I am not too thrilled with the change in your search function there. Let's run some simple programs to make sure. Please do the following.
Download CWShredder from here and have it ready to use. Then run CWShredder and hit the "Fix" button.

Then download AboutBuster.zip from Here and unzip it to its own folder.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidden files and folders.

Close all open windows and run Hijack This again. Check the below entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

Close Hijack This and run AboutBuster (click on AboutBuster.exe). Select "Yes" to close Internet Explorer. When the program opens, click the "Begin Removal" button. When the scan finishes, click "Exit". Run AboutBuster a second time. When the second scan is completed, locate the Ab LogFile.txt in the AboutBuster folder, open this with NotePad and post that log back in this thread when you have rebooted, along with a new HijackThis please.
#9
Thanks again for the reply Tom. Here are the logs you requested.
AboutBuster 6.0
Scan started on [5/23/2006] at [12:54:17 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:56:45 AM

HiJackThis! Log File...

Logfile of HijackThis v1.99.1
Scan saved at 1:00:12 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Tom!
#10
Looking real good. How is your system running now? Let's check for remainders. Please do the following.
Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF). Run this for Firefox as well (click Firefox, top of ATF Cleaner window).

Then Go here for an online AV scan. Scan "Local Disks" and when finished save the scan log and then post the log here.
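Comparing the 5/22 and 5/23 HijackThis logs above entry by entry shows which items the fix removed and which "(file missing)" leftovers remain, and that comparison can be scripted. The following is an added example, not part of the thread or of HijackThis; the function names are hypothetical, and the two sample strings are short excerpts constructed from the logs posted above (the first flattened and wrapped the way the forum rendered it).

```python
import re

# A HijackThis entry starts with a section code (R, F, N or O plus a number)
# followed by " - ". Splitting on that marker works both for normal
# one-entry-per-line logs and for logs a forum has flattened onto one line.
ENTRY_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")


def parse_entries(log_text):
    """Return [(section_code, entry_text), ...] from a HijackThis log.

    Anything before the first entry (header, running processes) is ignored.
    """
    text = " ".join(log_text.split())  # undo line wraps and repeated spaces
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append((m.group(1), text[m.end():end].strip()))
    return entries


def diff_scans(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]


def missing_files(log_text):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]


# Constructed excerpt of the 5/22 log, flattened and wrapped as on the forum.
BEFORE_SCAN = r"""C:\Documents and Settings\Matt\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe" O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)"""

# Constructed excerpt of the 5/23 log, one entry per line.
AFTER_SCAN = r"""C:\Documents and Settings\Matt\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE_SCAN, AFTER_SCAN)
    for code, text in removed:
        print("removed:", code, "-", text)
    for code, text in added:
        print("added:  ", code, "-", text)
    for code, text in missing_files(AFTER_SCAN):
        print("orphan: ", code, "-", text)
```

When pasting a log copied from a forum page, trim any message text that follows the last entry, since it would otherwise be read as part of that entry.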