winfixer


  • This topic is locked
57 replies to this topic

#16 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 08 January 2006 - 01:47 AM

Hi!
I activated spyguard again, I put up every single spysweeper shield again, except the start-up program shields and the browser add-on shields (is that ok?)
I ran a spybot search and destroy and found nothing!! :weee:

Great, looks like I'm clean!
If I do again run into trouble, should I continue posting in this thread?
thanks eagle. :)



#17 amar66


Posted 08 January 2006 - 03:06 AM

darn...I put up every single spysweeper shield again (except start-up shields and browser add-ons shield...is that right like that?), activated spyguard again..ran spybot, it found nothing...after a while winfixer popped up again, I can't believe it...it seems to pop up while visiting this page: www.myspace.com (as it did this time again) :scratch:
I also ran ewido, there is something strange about that, every time I run it, it finds oodles of things, up to 100. If I run it again, I mean like right afterwards, it again finds a huge amount of stuff. Weird.
hope you can help me and are not running out of patience..
by the way, after the winfixer reappeared again, I ran spybot again, and this time it found winfixer again..(I fixed the selected problems, three winfixer entries..)

best, Amar.

Here's my ewido log after which I rebooted and then my hijackthis log:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 09:59:05, 08.01.2006
+ Report-Checksumme: 79954834

+ Scanergebnis:

:mozilla.6:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Firefox\Profiles\default.14t\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.9:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.10:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.11:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.12:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.13:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.14:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.15:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.16:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.17:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.18:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.19:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.32:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.33:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.66:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.68:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.69:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.84:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.85:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.86:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.100:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.120:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.121:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.122:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.123:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.134:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Burstnet : Gesäubert mit Backup
:mozilla.142:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.143:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.155:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.156:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.157:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.158:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.159:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.160:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.161:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.162:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.164:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.165:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.166:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.167:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.168:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.169:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.170:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.171:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Clickzs : Gesäubert mit Backup
:mozilla.172:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Clickzs : Gesäubert mit Backup
:mozilla.286:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.287:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.288:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.289:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.397:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Masterstats : Gesäubert mit Backup
:mozilla.415:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.444:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.445:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.453:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Gesäubert mit Backup
:mozilla.454:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Gesäubert mit Backup


::Report Ende







Logfile of HijackThis v1.99.1
Scan saved at 10:03:21, on 08.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

Edited by amar66, 08 January 2006 - 03:07 AM.


#18 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 11 January 2006 - 04:20 AM

Sorry, been sick. Are you still having trouble? Post another log and let me know how it is running. :(

#19 amar66


Posted 11 January 2006 - 04:36 AM

Hi little eagle, sorry to hear you were sick, I hope you're better!
It's weird...when I go here: www.myspace.com the winfixer pops up.. I don't get it.., here's my newest log from right now:


Logfile of HijackThis v1.99.1
Scan saved at 11:36:13, on 11.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

#20 little eagle


Posted 11 January 2006 - 08:42 AM

Log looks clean :D

Flush any DNS caches you have control over. Two examples are routers that act as proxy nameservers, and versions of Windows that support DNS caching. The way to fix the router cache is to power cycle the router. The way to fix XP/Win2K's is to enter the command "ipconfig /flushdns" at a cmd.exe prompt.

Click Start > All Programs > Accessories > Command Prompt and type in "ipconfig /flushdns" <<< without the quotes.

Let me know if that helps.

Edited by little eagle, 11 January 2006 - 08:43 AM.


#21 amar66


Posted 11 January 2006 - 08:55 AM

ok, I did that, then I got this answer: the dns cache couldn't be emptied, there was a mistake when executing this function. (or similar...translated from german. ;) )

#22 little eagle


Posted 11 January 2006 - 08:59 AM

ipconfig /flushdns there is a space between the g and / that must be there

#23 amar66


Posted 11 January 2006 - 09:04 AM

I did it again, with the space...but I got the same response... C:\documents and settings\amar>ipconfig /flushdns that's how it looks, and then the same message comes.. I really appreciate your help, little eagle.

#24 little eagle


Posted 11 January 2006 - 09:12 AM

Are you logging in as the admin of the computer?

#25 amar66


Posted 11 January 2006 - 09:13 AM

emm...no...just normal log in...



#26 little eagle


Posted 11 January 2006 - 09:16 AM

Try booting in safe mode and see if that works. :scratch:

#27 amar66


Posted 11 January 2006 - 09:17 AM

ok, will boot to safe mode and try the same.

#28 amar66


Posted 11 January 2006 - 09:36 AM

ok, I did it in safe mode and got a similar message, here's the translation...

Windows IP configuration

An internal mistake happened: the order/execution is not supported.
ask the windows software fellow blabla..
additional information: the host name could not be asked.


#29 little eagle


Posted 11 January 2006 - 09:44 AM

If there is more than one user, can you post a log from every user on the computer? Clearly indicate which log belongs to which user, the type of rights the account has (Admin or limited), and for clarity post each log into a new post.

#30 amar66


Posted 11 January 2006 - 09:47 AM

little eagle, I am the only user that has access to this computer, when I go to safe mode there is only administrator and amar to choose from, when I log on the normal way, there is nothing to choose, it opens automatically.
