Mowill


  • This topic is locked
21 replies to this topic

#1 mcallistercd


Posted 08 December 2005 - 06:47 PM

Please give me some specific advice about what to do... My Google bar has been hijacked by morwill. Other things may need fixing too. Thanks in advance for any advice/help. Craig McAllister. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:26 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elrpmmk\Sxty.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: (no name) - {a3873963-b5a1-4a4d-bb18-ba3a5e39f12b} - C:\WINDOWS\system32\svenvxny.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Glytb] C:\Program Files\Elrpmmk\Sxty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: vtsqq - vtsqq.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 toscane


Posted 29 December 2005 - 08:59 AM

Hello and welcome to the TomCoyote forum. Sorry for the delay in responding; it's been pretty busy here and not all logs get answered as quickly as we'd like. If you still need help with your problem, please reply to this message with a new HijackThis log. I will be notified automatically when you reply.
Please look at a way to avoid trash on your PC!


The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Make a difference…tell your story

#3 mcallistercd


Posted 07 January 2006 - 10:46 AM

I have gone back to using Mozilla Firefox for my primary browser as it tends to be less likely to be hacked into by worms, etc. BUT, there is some loss of functionality when visiting certain sites, and there are certain things that Firefox can't do that I like about IE. Anyway, here is my log file (just created a minute or 2 ago). Thanks for your help. Please email me at [email address deleted by Toscane] when you reply to this post so that I don't forget to check back and get the benefit of your advice. Thanks,

Craig



Logfile of HijackThis v1.99.1
Scan saved at 9:42:18 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elrpmmk\Sxty.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {a3873963-b5a1-4a4d-bb18-ba3a5e39f12b} - C:\WINDOWS\system32\svenvxny.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Glytb] C:\Program Files\Elrpmmk\Sxty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqq - vtsqq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by toscane, 08 January 2006 - 03:20 PM.


#4 toscane


Posted 08 January 2006 - 03:26 PM

I removed your email address. Scavenger bots or spam bots can pick it up and overwhelm you with their e-mails, or even worse. You can use the "track this topic" button under "options" and subscribe to this topic. That way you will be notified automatically when someone replies.

#5 toscane


Posted 08 January 2006 - 03:34 PM

To clean temporary files:
Go > start > run and type cleanmgr and click OK
Scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
Click OK to remove those files.
Click Yes to confirm deletion.



Download the trial version of SpySweeper
*Scroll down and click "Spy Sweeper 4.5 - Free Trial"
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next
From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, scan again and post back with a fresh HijackThis log.

Edited by toscane, 08 January 2006 - 03:39 PM.


#6 mcallistercd


Posted 09 January 2006 - 10:50 AM

Thanks for helping me with this... Spysweeper seems to have problems with "internetoptimizer". Below is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:46:35 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elrpmmk\Sxty.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {a3873963-b5a1-4a4d-bb18-ba3a5e39f12b} - C:\WINDOWS\system32\svenvxny.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Glytb] C:\Program Files\Elrpmmk\Sxty.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqq - vtsqq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7 toscane


Posted 09 January 2006 - 02:50 PM

We need to disable SpySweeper as it may interfere with the fix:

Open it, click > Options over to the left, then > Program Options > uncheck "load at windows startup".
Over to the left, click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

Run HijackThis, click on 'Do a system scan only',
and check only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {a3873963-b5a1-4a4d-bb18-ba3a5e39f12b} - C:\WINDOWS\system32\svenvxny.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Glytb] C:\Program Files\Elrpmmk\Sxty.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: vtsqq - vtsqq.dll (file missing)

Close all other windows except HijackThis.
Click on 'Fix checked'.

Do you know this folder:
C:\Program Files\Elrpmmk
If not, and there are no other files in that folder, please delete it.

Download the trial version of Ewido Security Suite.
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

To clean temporary files:
Go > start > run and type cleanmgr and click OK
Scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
Click OK to remove those files.
Click Yes to confirm deletion.

Safe mode for XP
Next, reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (or F5).
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now scan with Ewido. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Reboot the computer in normal mode and post back here with a fresh log using HijackThis and Ewido scan log.


After the fix is complete it is very important that you enable Real-time Protection again.
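A check that can follow a 'Fix checked' round, as an added example (not part of the original post and not HijackThis code): it parses the entries selected for fixing in the post above and looks each one up in a later log, here an excerpt of the next HijackThis log posted in this thread. The function names and status labels are this example's own; an entry whose section lies at or past the end of the excerpt is reported as undetermined rather than removed.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
GROUP_ORDER = {"R": 0, "F": 1, "N": 2, "O": 3}  # order of sections in a log

# Entries selected for "Fix checked", copied from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {a3873963-b5a1-4a4d-bb18-ba3a5e39f12b} - C:\WINDOWS\system32\svenvxny.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Glytb] C:\Program Files\Elrpmmk\Sxty.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: vtsqq - vtsqq.dll (file missing)
"""

# Excerpt of the next log in this thread (saved 3:13:19 PM, 1/9/2006).
# Only some of its lines are copied here, and the excerpt stops at O9.
AFTER_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
"""


def section_rank(code):
    """Sort key for a section code such as 'R1' or 'O20'."""
    return (GROUP_ORDER[code[0]], int(code[1:]))


def parse_entries(text):
    """Return (section, normalized body) for every entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and case so copy/paste differences don't matter.
            entries.append((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries


def verify_fix(fix_text, after_text):
    """Map each fixed entry to 'still present', 'removed' or 'undetermined'."""
    after = parse_entries(after_text)
    seen = set(after)
    last = max((section_rank(code) for code, _ in after), default=None)
    report = {}
    for code, body in parse_entries(fix_text):
        if (code, body) in seen:
            status = "still present"
        elif last is None or section_rank(code) >= last:
            # The later log may be cut off before (or inside) this section.
            status = "undetermined"
        else:
            status = "removed"
        report[f"{code} - {body}"] = status
    return report


if __name__ == "__main__":
    for entry, status in verify_fix(FIX_LIST, AFTER_LOG).items():
        print(f"{status:14} {entry}")
```

An entry reported as still present means the value was written back or the fix did not take, so it needs another look before the cleanup is considered done.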

#8 mcallistercd


Posted 09 January 2006 - 04:23 PM

Here is my new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:13:19 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


And here is my Ewido Scan Log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:08:21 PM, 1/9/2006
+ Report-Checksum: CD73F311

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf3 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf5 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2a0c82a4-675f2582.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-45fdd771.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\bijnnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@ehg-bizjournals.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\dbjhopmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\fnlinpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\fpmmopmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\gahippmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\gndlpgfd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\gpcjdpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\iemgppmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\igdmfpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\lbgfppmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\mgocppmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\nflgapmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\nibbopmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\odbdppmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\oklgepmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\pachppmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\pegmmpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup
C:\WINDOWS\system32\ddabc.dll -> Downloader.ConHook.k : Cleaned with backup


::Report End

Thanks again for the help...Please post what to do next.

#9 toscane

Posted 10 January 2006 - 04:38 PM

Open HijackThis > click "Do a system scan only"
Place a checkmark next to the entries below.
After you have done that, close all browsers and windows except HijackThis, and have HijackThis fix them by clicking Fix Checked:

O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"

Download CCleaner. Install it to your desktop, but do NOT run it yet.
Next run CCleaner
1. Open CCleaner.
2. Place a check by everything in the Applications tab.
3. Place a check by Internet Explorer, Windows explorer, and System in the Windows tab (take care that Windows logfiles is unchecked).
4. Hit the button that says Run CCleaner
5. Reboot to remove index.dat files.


Please go to:
start-->run

and type this in:
notepad
click OK

Open notepad
Copy and paste the bold text below into the window

regedit /e running.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


Then click on the FILE menu and select save as
Save the file as regfix.bat. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file


Now double-click on regfix.bat.
A file named "running.txt" now appears on your desktop.
Double-click this file "running.txt".
Notepad will open.

Select all (Ctrl+A), copy and paste it in your next post together with a new HJT log.
Please look at a way to avoid trash on your PC!



#10 mcallistercd

Posted 11 January 2006 - 10:51 AM

Ran into a snag.....I could not fix what you wanted me to with HJT because an Error #52 popped up...I sent an email to the person the error pop-up told me to, and am waiting to find out what to do...Here's a screen capture of that pop-up for your reference....


#11 mcallistercd

Posted 11 January 2006 - 11:21 AM

OK, so the email bounced back as "delivery failed" to the email address on the pop up window...what do I do now??? I'm going to make sure I have latest version of HJT....other than that, I am frustrated...please advise! I found new contact info for the HJT author and emailed there... Waiting for a reply. Thanks again for your help and patience.

Edited by mcallistercd, 11 January 2006 - 11:29 AM.


#12 toscane

Posted 11 January 2006 - 12:53 PM

Perhaps HJT cannot fix that line because it is too long.
Did you use CCleaner?

Can you post back with this text file:

running.txt

#13 mcallistercd

Posted 11 January 2006 - 01:29 PM

I hadn't done the rest of the steps in your previous post because I thought I needed to rectify that line from the HJT log first. I will now go get CCleaner and post the running.txt file. Thanks

#14 mcallistercd

Posted 11 January 2006 - 01:48 PM

OK, here is what I copied from the running.txt file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunKistEM"="C:\\Program Files\\eMachines Bay Reader\\shwiconem.exe"
@=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"NI.UWAS5LP_0001_0811"="\"C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\ENEA966P\\WAS5Scan[1].exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


AND, here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:55 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ENEA966P\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13....es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by mcallistercd, 11 January 2006 - 01:49 PM.
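
The Run-key export in the post above can also be checked mechanically. The Python sketch below is an added example, not part of the original posts or of any tool named in the thread: it parses a regedit /e export and flags autostart values whose program sits in a temporary or browser-cache folder, the pattern shown by the NI.UWAS5LP_0001_0811 entry. The function names and the folder list are assumptions made for this illustration.

```python
import re

# Constructed sample: a shortened copy of the Run-key export posted in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NI.UWAS5LP_0001_0811"="\"C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\ENEA966P\\WAS5Scan[1].exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
'''

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Assumption: autostart programs in these folders (both seen in this thread) need review.
SUSPECT_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\")
# REG_SZ lines only: "name"="data" or @="data"; hex(...) and dword: values are skipped.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def load_export(path):
    # regedit writes "Version 5.00" exports as UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def unescape(text):
    # Undo .reg string escaping: a backslash protects the character after it.
    return re.sub(r"\\(.)", r"\1", text)


def parse_run_values(export_text, key=RUN_KEY):
    # Collect values that sit directly under `key`; subkeys are ignored.
    values, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line) if current == key.lower() else None
        if match:
            name = "(Default)" if match.group(1) == "@" else unescape(match.group(2))
            values[name] = unescape(match.group(3))
    return values


def command_target(command):
    # Program path of a command line: quoted path, else text up to the first executable extension.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return match.group(1) if match else command.split(" ", 1)[0]


def suspicious_run_entries(export_text):
    # Return (value name, program path) for entries that start from a suspect folder.
    findings = []
    for name, command in parse_run_values(export_text).items():
        target = command_target(command)
        if any(folder in target.lower() for folder in SUSPECT_DIRS):
            findings.append((name, target))
    return findings
```

On a real export, pass the result of load_export("running.txt") instead of the sample. A flagged entry is a lead for review, not a verdict, since the folder test is only a heuristic.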


#15 toscane

Posted 12 January 2006 - 01:14 AM

Okay, I have made a regfix to delete the key that cannot be fixed by HJT. Just have to wait for an approval :)
