Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

winfixer


  • This topic is locked This topic is locked
57 replies to this topic

#31 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 11 January 2006 - 10:09 AM

Download Hoster by Toadbee at http://www.funkytoad.com/hoster.htm
extract it to your desktop and run it.

At the bottom click copy host file to clipboard and Paste it here.

    Advertisements

Register to Remove


#32 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 11 January 2006 - 10:33 AM

127.0.0.1 1.httpdads.com #SpySweeperCASS 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS 127.0.0.1 a.mktw.net #SpySweeperCASS 127.0.0.1 a.tribalfusion.com #SpySweeperCASS 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS 127.0.0.1 a3.suntimes.com #SpySweeperCASS 127.0.0.1 actionsplash.com #SpySweeperCASS 127.0.0.1 ad.abcnews.com #SpySweeperCASS 127.0.0.1 ad.adsmart.net #SpySweeperCASS 127.0.0.1 ad.adtraq.com #SpySweeperCASS 127.0.0.1 ad.atlas.cz #SpySweeperCASS 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.blm.net #SpySweeperCASS 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.dogpile.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.harmony-central.com #SpySweeperCASS 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS 127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS 127.0.0.1 ad.infoseek.com #SpySweeperCASS 127.0.0.1 ad.iwin.com #SpySweeperCASS 127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.kimo.com.tw #SpySweeperCASS 127.0.0.1 ad.linkexchange.com #SpySweeperCASS 127.0.0.1 ad.linksynergy.com #SpySweeperCASS 127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS 127.0.0.1 ad.net-service.de #SpySweeperCASS 127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.openfind.com.tw #SpySweeperCASS 127.0.0.1 ad.preferances.com #SpySweeperCASS 127.0.0.1 ad.preferences.com #SpySweeperCASS 127.0.0.1 ad.sales.olympics.com #SpySweeperCASS 127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sma.punto.net #SpySweeperCASS 127.0.0.1 ad.tomshardware.com #SpySweeperCASS 127.0.0.1 ad.trafficmp.com #SpySweeperCASS 127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.usatoday.com #SpySweeperCASS 127.0.0.1 ad.vol.at #SpySweeperCASS 127.0.0.1 ad.washingtonpost.com #SpySweeperCASS 127.0.0.1 ad.webprovider.com #SpySweeperCASS 127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS 127.0.0.1 ad08.focalink.com #SpySweeperCASS 127.0.0.1 ad1.aaddzz.com #SpySweeperCASS 127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS 127.0.0.1 ad10.doubleclick.net #SpySweeperCASS 127.0.0.1 ad11.doubleclick.net #SpySweeperCASS 127.0.0.1 ad12.doubleclick.net #SpySweeperCASS 127.0.0.1 ad13.doubleclick.net #SpySweeperCASS 127.0.0.1 ad14.doubleclick.net #SpySweeperCASS 127.0.0.1 ad15.doubleclick.net #SpySweeperCASS 127.0.0.1 ad16.doubleclick.net #SpySweeperCASS 127.0.0.1 ad17.doubleclick.net #SpySweeperCASS 127.0.0.1 ad18.doubleclick.net #SpySweeperCASS 127.0.0.1 ad19.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.adcept.net #SpySweeperCASS 127.0.0.1 ad2.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.peel.com #SpySweeperCASS 127.0.0.1 ad20.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.peel.com #SpySweeperCASS 127.0.0.1 ad4.doubleclick.net #SpySweeperCASS 127.0.0.1 ad5.doubleclick.net #SpySweeperCASS 127.0.0.1 ad6.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.internetadserver.com #SpySweeperCASS 127.0.0.1 ad8.doubleclick.net #SpySweeperCASS 127.0.0.1 ad9.doubleclick.net #SpySweeperCASS 127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS 127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS 127.0.0.1 adbot.com #SpySweeperCASS 127.0.0.1 adbureau.net #SpySweeperCASS 127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS 127.0.0.1 adcontent.gamespy.com #SpySweeperCASS 127.0.0.1 adcontroller.unicast.com #SpySweeperCASS 127.0.0.1 adcount.hollywood.com #SpySweeperCASS 127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS 127.0.0.1 add.yaho.com #SpySweeperCASS 127.0.0.1 adengine.theglobe.com #SpySweeperCASS 127.0.0.1 adex3.flycast.com #SpySweeperCASS 127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS 127.0.0.1 adforce.adtech.de #SpySweeperCASS 127.0.0.1 adforce.imgis.com #SpySweeperCASS 127.0.0.1 adfu.blockstackers.com #SpySweeperCASS 127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS 127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS 127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS 127.0.0.1 adimage.bankrate.com #SpySweeperCASS 127.0.0.1 adimage.blm.net #SpySweeperCASS 127.0.0.1 adimages.earthweb.com #SpySweeperCASS 127.0.0.1 adimages.go.com #SpySweeperCASS 127.0.0.1 adimg.com.com #SpySweeperCASS 127.0.0.1 adimg.egroups.com #SpySweeperCASS 127.0.0.1 adimg1.chosun.com #SpySweeperCASS 127.0.0.1 adlink.deh.de #SpySweeperCASS 127.0.0.1 adlog.com.com #SpySweeperCASS 127.0.0.1 adlui001.adlink.de #SpySweeperCASS 127.0.0.1 admedia.xoom.com #SpySweeperCASS 127.0.0.1 adng.ascii24.com #SpySweeperCASS 127.0.0.1 adpick.switchboard.com #SpySweeperCASS 127.0.0.1 adpop.theglobe.com #SpySweeperCASS 127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS 127.0.0.1 adremote.pathfinder.com #SpySweeperCASS 127.0.0.1 ads*.focalink.com #SpySweeperCASS 127.0.0.1 ads.1for1.com #SpySweeperCASS 127.0.0.1 ads.adflight.com #SpySweeperCASS 127.0.0.1 ads.ad-flow.com #SpySweeperCASS 127.0.0.1 ads.admaximize.com #SpySweeperCASS 127.0.0.1 ads.admonitor.net #SpySweeperCASS 127.0.0.1 ads.adtegrity.net #SpySweeperCASS 127.0.0.1 ads.advance.net #SpySweeperCASS 127.0.0.1 ads.adviva.net #SpySweeperCASS 127.0.0.1 ads.amazingmedia.com #SpySweeperCASS 127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS 127.0.0.1 ads.astalavista.us #SpySweeperCASS 127.0.0.1 ads.belointeractive.com #SpySweeperCASS 127.0.0.1 ads.bfast.com #SpySweeperCASS 127.0.0.1 ads.bianca.com #SpySweeperCASS 127.0.0.1 ads.bigcitytools.com #SpySweeperCASS 127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS 127.0.0.1 ads.bloomberg.com #SpySweeperCASS 127.0.0.1 ads.cashsurfers.com #SpySweeperCASS 127.0.0.1 ads.cbc.ca #SpySweeperCASS 127.0.0.1 ads.centralohio.com #SpySweeperCASS 127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS 127.0.0.1 ads.clearchannel.com #SpySweeperCASS 127.0.0.1 ads.clickagents.com #SpySweeperCASS 127.0.0.1 ads.clickhouse.com #SpySweeperCASS 127.0.0.1 ads.colo.kiva.net #SpySweeperCASS 127.0.0.1 ads.columbian.com #SpySweeperCASS 127.0.0.1 ads.courierpostonline.com #SpySweeperCASS 127.0.0.1 ads.criticalmass.com #SpySweeperCASS 127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS 127.0.0.1 ads.currantbun.com #SpySweeperCASS 127.0.0.1 ads.dai.net #SpySweeperCASS 127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS 127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS 127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS 127.0.0.1 ads.developershed.com #SpySweeperCASS 127.0.0.1 ads.devx.com #SpySweeperCASS 127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS 127.0.0.1 ads.discovery.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.net #SpySweeperCASS 127.0.0.1 ads.ecircles.com #SpySweeperCASS 127.0.0.1 ads.enliven.com #SpySweeperCASS 127.0.0.1 ads.erotism.com #SpySweeperCASS 127.0.0.1 ads.eu.msn.com #SpySweeperCASS 127.0.0.1 ads.exhedra.com #SpySweeperCASS 127.0.0.1 ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 ads.filez.com #SpySweeperCASS 127.0.0.1 ads.floridatoday.com #SpySweeperCASS 127.0.0.1 ads.fool.com #SpySweeperCASS 127.0.0.1 ads.forbes.com #SpySweeperCASS 127.0.0.1 ads.forbes.net #SpySweeperCASS 127.0.0.1 ads.fortunecity.com #SpySweeperCASS 127.0.0.1 ads.fredericksburg.com #SpySweeperCASS 127.0.0.1 ads.freshmeat.net #SpySweeperCASS 127.0.0.1 ads.gameanswers.com #SpySweeperCASS 127.0.0.1 ads.gamespy.com #SpySweeperCASS 127.0.0.1 ads.globeandmail.com #SpySweeperCASS 127.0.0.1 ads.god.co.uk #SpySweeperCASS 127.0.0.1 ads.granadamedia.com #SpySweeperCASS 127.0.0.1 ads.greensboro.com #SpySweeperCASS 127.0.0.1 ads.guardian.co.uk #SpySweeperCASS 127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS 127.0.0.1 ads.hitcents.com #SpySweeperCASS 127.0.0.1 ads.hollywood.com #SpySweeperCASS 127.0.0.1 ads.hyperbanner.net #SpySweeperCASS 127.0.0.1 ads.i33.com #SpySweeperCASS 127.0.0.1 ads.iafrica.com #SpySweeperCASS 127.0.0.1 ads.iambic.com #SpySweeperCASS 127.0.0.1 ads.icq.com #SpySweeperCASS 127.0.0.1 ads.ign.com #SpySweeperCASS 127.0.0.1 ads.imagine-inc.com #SpySweeperCASS 127.0.0.1 ads.imdb.com #SpySweeperCASS 127.0.0.1 ads.infi.net #SpySweeperCASS 127.0.0.1 ads.infospace.com #SpySweeperCASS 127.0.0.1 ads.iwon.com #SpySweeperCASS 127.0.0.1 ads.jacksonsun.com #SpySweeperCASS 127.0.0.1 ads.jpost.com #SpySweeperCASS 127.0.0.1 ads.jwtt3.com #SpySweeperCASS 127.0.0.1 ads.link4ads.com #SpySweeperCASS 127.0.0.1 ads.list-universe.com #SpySweeperCASS 127.0.0.1 ads.live365.com #SpySweeperCASS 127.0.0.1 ads.lycos.com #SpySweeperCASS 127.0.0.1 ads.madison.com #SpySweeperCASS 127.0.0.1 ads.mcafee.com #SpySweeperCASS 127.0.0.1 ads.mdchoice.com #SpySweeperCASS 127.0.0.1 ads.mediadevil.com #SpySweeperCASS 127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS 127.0.0.1 ads.mediaturf.net #SpySweeperCASS 127.0.0.1 ads.mh5.com #SpySweeperCASS 127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS 127.0.0.1 ads.msn.com #SpySweeperCASS 127.0.0.1 ads.msn-ppe.com #SpySweeperCASS 127.0.0.1 ads.musiccity.com #SpySweeperCASS 127.0.0.1 ads.mysimon.com #SpySweeperCASS 127.0.0.1 ads.nandomedia.com #SpySweeperCASS 127.0.0.1 ads.narrowline.com #SpySweeperCASS 127.0.0.1 ads.nerve.com #SpySweeperCASS 127.0.0.1 ads.netmechanic.com #SpySweeperCASS 127.0.0.1 ads.newcity.com #SpySweeperCASS 127.0.0.1 ads.newcitynet.com #SpySweeperCASS 127.0.0.1 ads.newsdigital.net #SpySweeperCASS 127.0.0.1 ads.newsint.co.uk #SpySweeperCASS 127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS 127.0.0.1 ads.newtimes.com #SpySweeperCASS 127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS 127.0.0.1 ads.northjersey.com #SpySweeperCASS 127.0.0.1 ads.nwsource.com #SpySweeperCASS 127.0.0.1 ads.nyi.net #SpySweeperCASS 127.0.0.1 ads.nypost.com #SpySweeperCASS 127.0.0.1 ads.nytimes.com #SpySweeperCASS 127.0.0.1 ads.ole.com #SpySweeperCASS 127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS 127.0.0.1 ads.paxnet.com #SpySweeperCASS 127.0.0.1 ads.peel.com #SpySweeperCASS 127.0.0.1 ads.pennyweb.com #SpySweeperCASS 127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS 127.0.0.1 ads.realcities.com #SpySweeperCASS 127.0.0.1 ads.realmedia.com #SpySweeperCASS 127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS 127.0.0.1 ads.scifi.com #SpySweeperCASS 127.0.0.1 ads.seattletimes.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.net #SpySweeperCASS 127.0.0.1 ads.snowball.com #SpySweeperCASS 127.0.0.1 ads.specificpop.com #SpySweeperCASS 127.0.0.1 ads.sptimes.com #SpySweeperCASS 127.0.0.1 ads.starnews.com #SpySweeperCASS 127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS 127.0.0.1 ads.stileproject.com #SpySweeperCASS 127.0.0.1 ads.switchboard.com #SpySweeperCASS 127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS 127.0.0.1 ads.themes.org #SpySweeperCASS 127.0.0.1 ads.theolympian.com #SpySweeperCASS 127.0.0.1 ads.thestar.com #SpySweeperCASS 127.0.0.1 ads.tmcs.net #SpySweeperCASS 127.0.0.1 ads.tripod.com #SpySweeperCASS 127.0.0.1 ads.tucows.com #SpySweeperCASS 127.0.0.1 ads.ugo.com #SpySweeperCASS 127.0.0.1 ads.usatoday.com #SpySweeperCASS 127.0.0.1 ads.viaarena.com #SpySweeperCASS 127.0.0.1 ads.videoaxs.com #SpySweeperCASS 127.0.0.1 ads.vnuemedia.com #SpySweeperCASS 127.0.0.1 ads.washingtonpost.com #SpySweeperCASS 127.0.0.1 ads.web.aol.com #SpySweeperCASS 127.0.0.1 ads.web.de #SpySweeperCASS 127.0.0.1 ads.web21.com #SpySweeperCASS 127.0.0.1 ads.webcash.nl #SpySweeperCASS 127.0.0.1 ads.wnd.com #SpySweeperCASS 127.0.0.1 ads.x10.com #SpySweeperCASS 127.0.0.1 ads.xtra.co.nz #SpySweeperCASS 127.0.0.1 ads.zdnet.com #SpySweeperCASS 127.0.0.1 ads01.focalink.com #SpySweeperCASS 127.0.0.1 ads02.focalink.com #SpySweeperCASS 127.0.0.1 ads03.focalink.com #SpySweeperCASS 127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 ads04.focalink.com #SpySweeperCASS 127.0.0.1 ads05.focalink.com #SpySweeperCASS 127.0.0.1 ads06.focalink.com #SpySweeperCASS 127.0.0.1 ads08.focalink.com #SpySweeperCASS 127.0.0.1 ads09.focalink.com #SpySweeperCASS 127.0.0.1 ads1.activeagent.at #SpySweeperCASS 127.0.0.1 ads1.ad-flow.com #SpySweeperCASS 127.0.0.1 ads1.advance.net #SpySweeperCASS 127.0.0.1 ads1.condenet.com #SpySweeperCASS 127.0.0.1 ads1.intelliads.com #SpySweeperCASS 127.0.0.1 ads1.sptimes.com #SpySweeperCASS 127.0.0.1 ads10.focalink.com #SpySweeperCASS 127.0.0.1 ads11.focalink.com #SpySweeperCASS 127.0.0.1 ads12.focalink.com #SpySweeperCASS 127.0.0.1 ads13.focalink.com #SpySweeperCASS 127.0.0.1 ads14.focalink.com #SpySweeperCASS 127.0.0.1 ads15.focalink.com #SpySweeperCASS 127.0.0.1 ads16.focalink.com #SpySweeperCASS 127.0.0.1 ads17.focalink.com #SpySweeperCASS 127.0.0.1 ads18.bpath.com #SpySweeperCASS 127.0.0.1 ads18.focalink.com #SpySweeperCASS 127.0.0.1 ads19.focalink.com #SpySweeperCASS 127.0.0.1 ads2.advance.net #SpySweeperCASS 127.0.0.1 ads2.clearchannel.com #SpySweeperCASS 127.0.0.1 ads2.condenet.com #SpySweeperCASS 127.0.0.1 ads2.zdnet.com #SpySweeperCASS 127.0.0.1 ads20.focalink.com #SpySweeperCASS 127.0.0.1 ads21.focalink.com #SpySweeperCASS 127.0.0.1 ads22.focalink.com #SpySweeperCASS 127.0.0.1 ads23.focalink.com #SpySweeperCASS 127.0.0.1 ads24.focalink.com #SpySweeperCASS 127.0.0.1 ads25.focalink.com #SpySweeperCASS 127.0.0.1 ads3.advance.net #SpySweeperCASS 127.0.0.1 ads3.zdnet.com #SpySweeperCASS 127.0.0.1 ads4.advance.net #SpySweeperCASS 127.0.0.1 ads4.clearchannel.com #SpySweeperCASS 127.0.0.1 ads4.condenet.com #SpySweeperCASS 127.0.0.1 ads5.advance.net #SpySweeperCASS 127.0.0.1 ads5.canoe.ca #SpySweeperCASS 127.0.0.1 ads5.gamecity.net #SpySweeperCASS 127.0.0.1 ads7.advance.net #SpySweeperCASS 127.0.0.1 ads7.udc.advance.net #SpySweeperCASS 127.0.0.1 ads-b.focalink.com #SpySweeperCASS 127.0.0.1 adserv.iafrica.com #SpySweeperCASS 127.0.0.1 adserv.internetfuel.com #SpySweeperCASS 127.0.0.1 adserv.newcentury.net #SpySweeperCASS 127.0.0.1 adserv.quality-channel.de #SpySweeperCASS 127.0.0.1 adservant.guj.de #SpySweeperCASS 127.0.0.1 adservant.mediapoint.de #SpySweeperCASS 127.0.0.1 adserver.ads360.com #SpySweeperCASS 127.0.0.1 adserver.anm.co.uk #SpySweeperCASS 127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS 127.0.0.1 adserver.colleges.com #SpySweeperCASS 127.0.0.1 adserver.dbusiness.com #SpySweeperCASS 127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS 127.0.0.1 adserver.garden.com #SpySweeperCASS 127.0.0.1 adserver.hispavista.com #SpySweeperCASS 127.0.0.1 adserver.ign.com #SpySweeperCASS 127.0.0.1 adserver.janes.com #SpySweeperCASS 127.0.0.1 adserver.matchcraft.com #SpySweeperCASS 127.0.0.1 adserver.merc.com #SpySweeperCASS 127.0.0.1 adserver.monster.com #SpySweeperCASS 127.0.0.1 adserver.netcast.nl #SpySweeperCASS 127.0.0.1 adserver.news.com.au #SpySweeperCASS 127.0.0.1 adserver.nydailynews.com #SpySweeperCASS 127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS 127.0.0.1 adserver.pollstar.com #SpySweeperCASS 127.0.0.1 adserver.securityfocus.com #SpySweeperCASS 127.0.0.1 adserver.snowball.com #SpySweeperCASS 127.0.0.1 adserver.track-star.com #SpySweeperCASS 127.0.0.1 adserver.trb.com #SpySweeperCASS 127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adserver.ugo.com #SpySweeperCASS 127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS 127.0.0.1 adserver.webads.com #SpySweeperCASS 127.0.0.1 adserver.webads.nl #SpySweeperCASS 127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS 127.0.0.1 adserver1.realtracker.com #SpySweeperCASS 127.0.0.1 adserver2.realtracker.com #SpySweeperCASS 127.0.0.1 adserver3.realtracker.com #SpySweeperCASS 127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS 127.0.0.1 adsrv.bankrate.com #SpySweeperCASS 127.0.0.1 adsrv.iol.co.za #SpySweeperCASS 127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS 127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS 127.0.0.1 adtegrity.thruport.com #SpySweeperCASS 127.0.0.1 adthru.com #SpySweeperCASS 127.0.0.1 ad-up.com #SpySweeperCASS 127.0.0.1 adverity.adverity.com #SpySweeperCASS 127.0.0.1 advert.bayarea.com #SpySweeperCASS 127.0.0.1 advert.heise.de #SpySweeperCASS 127.0.0.1 affiliate.doteasy.com #SpySweeperCASS 127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS 127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 amch.questionmarket.com #SpySweeperCASS 127.0.0.1 amedia.techies.com #SpySweeperCASS 127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS 127.0.0.1 ar.atwola.com #SpySweeperCASS 127.0.0.1 arc1.msn.com #SpySweeperCASS 127.0.0.1 arc2.msn.com #SpySweeperCASS 127.0.0.1 arc3.msn.com #SpySweeperCASS 127.0.0.1 arc4.msn.com #SpySweeperCASS 127.0.0.1 arc5.msn.com #SpySweeperCASS 127.0.0.1 askmen.thruport.com #SpySweeperCASS 127.0.0.1 au.ads.link4ads.com #SpySweeperCASS 127.0.0.1 banner.adlink.de #SpySweeperCASS 127.0.0.1 banner.coza.com #SpySweeperCASS 127.0.0.1 banner.easyspace.com #SpySweeperCASS 127.0.0.1 banner.linkexchange.com #SpySweeperCASS 127.0.0.1 banner.media-system.de #SpySweeperCASS 127.0.0.1 banner.northsky.com #SpySweeperCASS 127.0.0.1 banner.orb.net #SpySweeperCASS 127.0.0.1 banner.relcom.ru #SpySweeperCASS 127.0.0.1 banner.rootsweb.com #SpySweeperCASS 127.0.0.1 banner1.adlink.de #SpySweeperCASS 127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS 127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS 127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS 127.0.0.1 banners.babylon-x.com #SpySweeperCASS 127.0.0.1 banners.chek.com #SpySweeperCASS 127.0.0.1 banners.easydns.com #SpySweeperCASS 127.0.0.1 banners.friendfinder.com #SpySweeperCASS 127.0.0.1 banners.internetextra.com #SpySweeperCASS 127.0.0.1 banners.looksmart.com #SpySweeperCASS 127.0.0.1 banners.moviegoods.com #SpySweeperCASS 127.0.0.1 banners.nextcard.com #SpySweeperCASS 127.0.0.1 banners.revenuelink.com #SpySweeperCASS 127.0.0.1 banners.valuead.com #SpySweeperCASS 127.0.0.1 banners.wunderground.com #SpySweeperCASS 127.0.0.1 bannerswap.com #SpySweeperCASS 127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS 127.0.0.1 beseenad.looksmart.com #SpySweeperCASS 127.0.0.1 bidclix.net #SpySweeperCASS 127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS 127.0.0.1 bn.bfast.com #SpySweeperCASS 127.0.0.1 c1.zedo.com #SpySweeperCASS 127.0.0.1 c3.xxxcounter.com #SpySweeperCASS 127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS 127.0.0.1 califia.imaginemedia.com #SpySweeperCASS 127.0.0.1 campaigns.f2.com.au #SpySweeperCASS 127.0.0.1 cb.icq.com #SpySweeperCASS 127.0.0.1 cds.mediaplex.com #SpySweeperCASS 127.0.0.1 cf.icq.com #SpySweeperCASS 127.0.0.1 cgi.declicnet.com #SpySweeperCASS 127.0.0.1 classic.adlink.de #SpySweeperCASS 127.0.0.1 click.adlink.de #SpySweeperCASS 127.0.0.1 click.avenuea.com #SpySweeperCASS 127.0.0.1 click.go2net.com #SpySweeperCASS 127.0.0.1 click.linksynergy.com #SpySweeperCASS 127.0.0.1 click.mp3.com #SpySweeperCASS 127.0.0.1 clickit.go2net.com #SpySweeperCASS 127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS 127.0.0.1 commonwealth.riddler.com #SpySweeperCASS 127.0.0.1 comtrack.comclick.com #SpySweeperCASS 127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS 127.0.0.1 cookies.cmpnet.com #SpySweeperCASS 127.0.0.1 coreg.flashtrack.net #SpySweeperCASS 127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS 127.0.0.1 counter.hitbox.com #SpySweeperCASS 127.0.0.1 creative.whi.co.nz #SpySweeperCASS 127.0.0.1 crux.songline.com #SpySweeperCASS 127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS 127.0.0.1 desktop.kazaa.com #SpySweeperCASS 127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS 127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS 127.0.0.1 direct.adlink.de #SpySweeperCASS 127.0.0.1 doubleclick.net #SpySweeperCASS 127.0.0.1 ds.eyeblaster.com #SpySweeperCASS 127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS 127.0.0.1 engage.speedera.net #SpySweeperCASS 127.0.0.1 erie.smartage.com #SpySweeperCASS 127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS 127.0.0.1 eur.yimg.com #SpySweeperCASS 127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS 127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 fp.valueclick.com #SpySweeperCASS 127.0.0.1 ftp.nacorp.com #SpySweeperCASS 127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS 127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS 127.0.0.1 garden.ngadcenter.net #SpySweeperCASS 127.0.0.1 geoads.osdn.com #SpySweeperCASS 127.0.0.1 global.msads.net #SpySweeperCASS 127.0.0.1 globaltrack.com #SpySweeperCASS 127.0.0.1 globaltrak.net #SpySweeperCASS 127.0.0.1 gm.preferences.com #SpySweeperCASS 127.0.0.1 gp.dejanews.com #SpySweeperCASS 127.0.0.1 hg1.hitbox.com #SpySweeperCASS 127.0.0.1 holland.hyperbanner.net #SpySweeperCASS 127.0.0.1 hurricane.adlink.de #SpySweeperCASS 127.0.0.1 i.timeinc.net #SpySweeperCASS 127.0.0.1 icover.realmedia.com #SpySweeperCASS 127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS 127.0.0.1 im.800.com #SpySweeperCASS 127.0.0.1 image.click2net.com #SpySweeperCASS 127.0.0.1 image.eimg.com #SpySweeperCASS 127.0.0.1 image.imgfarm.com #SpySweeperCASS 127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 images.bizrate.com #SpySweeperCASS 127.0.0.1 images.cybereps.com #SpySweeperCASS 127.0.0.1 images.fastclick.net #SpySweeperCASS 127.0.0.1 images.newsx.cc #SpySweeperCASS 127.0.0.1 images.scripps.com #SpySweeperCASS 127.0.0.1 images.trafficmp.com #SpySweeperCASS 127.0.0.1 images.webads.nl #SpySweeperCASS 127.0.0.1 images2.nytimes.com #SpySweeperCASS 127.0.0.1 imageserv.adtech.de #SpySweeperCASS 127.0.0.1 img.cmpnet.com #SpySweeperCASS 127.0.0.1 information.gopher.com #SpySweeperCASS 127.0.0.1 iv.doubleclick.net #SpySweeperCASS 127.0.0.1 java.yahoo.com #SpySweeperCASS 127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS 127.0.0.1 js1.hitbox.com #SpySweeperCASS 127.0.0.1 k5ads.osdn.com #SpySweeperCASS 127.0.0.1 kansas.valueclick.com #SpySweeperCASS 127.0.0.1 kaplanindex.com #SpySweeperCASS 127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS 127.0.0.1 krd.realcities.com #SpySweeperCASS 127.0.0.1 leader.linkexchange.com #SpySweeperCASS 127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS 127.0.0.1 ln.doubleclick.net #SpySweeperCASS 127.0.0.1 m.doubleclick.net #SpySweeperCASS 127.0.0.1 m.tribalfusion.com #SpySweeperCASS 127.0.0.1 m2.doubleclick.net #SpySweeperCASS 127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS 127.0.0.1 marketing.nyi.net #SpySweeperCASS 127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS 127.0.0.1 mds.centrport.net #SpySweeperCASS 127.0.0.1 media.fastclick.net #SpySweeperCASS 127.0.0.1 media.popuptraffic.com #SpySweeperCASS 127.0.0.1 media.preferences.com #SpySweeperCASS 127.0.0.1 media13.fastclick.net #SpySweeperCASS 127.0.0.1 media15.fastclick.net #SpySweeperCASS 127.0.0.1 media17.fastclick.net #SpySweeperCASS 127.0.0.1 media19.fastclick.net #SpySweeperCASS 127.0.0.1 mediamgr.ugo.com #SpySweeperCASS 127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS 127.0.0.1 mjxads.internet.com #SpySweeperCASS 127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS 127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS 127.0.0.1 mt37.mtree.com #SpySweeperCASS 127.0.0.1 nbc.adbureau.net #SpySweeperCASS 127.0.0.1 neighborhood.standard.net #SpySweeperCASS 127.0.0.1 netcomm.spinbox.net #SpySweeperCASS 127.0.0.1 netshelter.adtrix.com #SpySweeperCASS 127.0.0.1 newads.cmpnet.com #SpySweeperCASS 127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS 127.0.0.1 ngads.smartage.com #SpySweeperCASS 127.0.0.1 nrsite.com #SpySweeperCASS 127.0.0.1 nsads.hotwired.com #SpySweeperCASS 127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS 127.0.0.1 oas.dispatch.com #SpySweeperCASS 127.0.0.1 oas.lee.net #SpySweeperCASS 127.0.0.1 oas.mmd.ch #SpySweeperCASS 127.0.0.1 oas.uniontrib.com #SpySweeperCASS 127.0.0.1 oas.villagevoice.com #SpySweeperCASS 127.0.0.1 oasads.whitepages.com #SpySweeperCASS 127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS 127.0.0.1 oz.valueclick.com #SpySweeperCASS 127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS 127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS 127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS 127.0.0.1 pluto1.iserver.net #SpySweeperCASS 127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS 127.0.0.1 pub-g.ifrance.com #SpySweeperCASS 127.0.0.1 pubs.mgn.net #SpySweeperCASS 127.0.0.1 q.pni.com #SpySweeperCASS 127.0.0.1 rad.msn.com #SpySweeperCASS 127.0.0.1 rd1.hitbox.com #SpySweeperCASS 127.0.0.1 realads.realmedia.com #SpySweeperCASS 127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS 127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS 127.0.0.1 redirect.click2net.com #SpySweeperCASS 127.0.0.1 regio.adlink.de #SpySweeperCASS 127.0.0.1 reply.mediatris.net #SpySweeperCASS 127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS 127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS 127.0.0.1 rmads.msn.com #SpySweeperCASS 127.0.0.1 rmedia.boston.com #SpySweeperCASS 127.0.0.1 s0b.bluestreak.com #SpySweeperCASS 127.0.0.1 s2.focalink.com #SpySweeperCASS 127.0.0.1 sc.clicksupply.com #SpySweeperCASS 127.0.0.1 scand.adlink.de #SpySweeperCASS 127.0.0.1 secure.webconnect.net #SpySweeperCASS 127.0.0.1 servads.aip.org #SpySweeperCASS 127.0.0.1 serve.thisbanner.com #SpySweeperCASS 127.0.0.1 servedby.advertising.com #SpySweeperCASS 127.0.0.1 service.bfast.com #SpySweeperCASS 127.0.0.1 sfads.osdn.com #SpySweeperCASS 127.0.0.1 sg.yimg.com #SpySweeperCASS 127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS 127.0.0.1 shop.kazaa.com #SpySweeperCASS 127.0.0.1 spd.atdmt.com #SpySweeperCASS 127.0.0.1 speed.pointroll.com #SpySweeperCASS 127.0.0.1 spin.spinbox.net #SpySweeperCASS 127.0.0.1 spinbox.maccentral.com #SpySweeperCASS 127.0.0.1 spinbox.techtracker.com #SpySweeperCASS 127.0.0.1 ss.mtree.com #SpySweeperCASS 127.0.0.1 static.admaximize.com #SpySweeperCASS 127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS 127.0.0.1 stats.superstats.com #SpySweeperCASS 127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS 127.0.0.1 sview.avenuea.com #SpySweeperCASS 127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS 127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS 127.0.0.1 ti.click2net.com #SpySweeperCASS 127.0.0.1 tmsads.tribune.com #SpySweeperCASS 127.0.0.1 toads.osdn.com #SpySweeperCASS 127.0.0.1 tracker.clicktrade.com #SpySweeperCASS 127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS 127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS 127.0.0.1 us.a1.yimg.com #SpySweeperCASS 127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS 127.0.0.1 utils.mediageneral.com #SpySweeperCASS 127.0.0.1 v0.extreme-dm.com #SpySweeperCASS 127.0.0.1 v1.extreme-dm.com #SpySweeperCASS 127.0.0.1 van.ads.link4ads.com #SpySweeperCASS 127.0.0.1 view.accendo.com #SpySweeperCASS 127.0.0.1 view.atdmt.com #SpySweeperCASS 127.0.0.1 view.avenuea.com #SpySweeperCASS 127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS 127.0.0.1 vpdc.ru4.com #SpySweeperCASS 127.0.0.1 w113.hitbox.com #SpySweeperCASS 127.0.0.1 w25.hitbox.com #SpySweeperCASS 127.0.0.1 wap.adlink.de #SpySweeperCASS 127.0.0.1 web2.deja.com #SpySweeperCASS 127.0.0.1 webad.ajeeb.com #SpySweeperCASS 127.0.0.1 webads.bizservers.com #SpySweeperCASS 127.0.0.1 webaffiliate.covad.com #SpySweeperCASS 127.0.0.1 west.adlink.de #SpySweeperCASS 127.0.0.1 wwa.hitbox.com #SpySweeperCASS 127.0.0.1 wwb.hitbox.com #SpySweeperCASS 127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS 127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www.ad4ex.com #SpySweeperCASS 127.0.0.1 www.ad-flow.com #SpySweeperCASS 127.0.0.1 www.adireland.com #SpySweeperCASS 127.0.0.1 www.admex.com #SpySweeperCASS 127.0.0.1 www.ad-up.com #SpySweeperCASS 127.0.0.1 www.alladvantage.com #SpySweeperCASS 127.0.0.1 www.avsads.com #SpySweeperCASS 127.0.0.1 www.b3d.com #SpySweeperCASS 127.0.0.1 www.banner2u.com #SpySweeperCASS 127.0.0.1 www.bannercampaign.com #SpySweeperCASS 127.0.0.1 www.banneroverdrive.com #SpySweeperCASS 127.0.0.1 www.blissnet.net #SpySweeperCASS 127.0.0.1 www.bonzi.com #SpySweeperCASS 127.0.0.1 www.brilliantdigital.com #SpySweeperCASS 127.0.0.1 www.burstnet.com #SpySweeperCASS 127.0.0.1 www.cibleclick.com #SpySweeperCASS 127.0.0.1 www.click-fr.com #SpySweeperCASS 127.0.0.1 www.commission-junction.com #SpySweeperCASS 127.0.0.1 www.consumerinfo.com #SpySweeperCASS 127.0.0.1 www.crisscross.com #SpySweeperCASS 127.0.0.1 www.cyberbounty.com #SpySweeperCASS 127.0.0.1 www.datais.com #SpySweeperCASS 127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS 127.0.0.1 www.dnps.com #SpySweeperCASS 127.0.0.1 www.doubleclick.net #SpySweeperCASS 127.0.0.1 www.eads.com #SpySweeperCASS 127.0.0.1 www.exchange-it.com #SpySweeperCASS 127.0.0.1 www.fineclicks.com #SpySweeperCASS 127.0.0.1 www.freestats.com #SpySweeperCASS 127.0.0.1 www.imaginemedia.com #SpySweeperCASS 127.0.0.1 www.kaplanindex.com #SpySweeperCASS 127.0.0.1 www.linksynergy.com #SpySweeperCASS 127.0.0.1 www.nailitonline2.com #SpySweeperCASS 127.0.0.1 www.netdirect.nl #SpySweeperCASS 127.0.0.1 www.netflip.com #SpySweeperCASS 127.0.0.1 www.netsponsors.com #SpySweeperCASS 127.0.0.1 www.netvertising.be #SpySweeperCASS 127.0.0.1 www.nrsite.com #SpySweeperCASS 127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS 127.0.0.1 www.onresponse.com #SpySweeperCASS 127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS 127.0.0.1 www.qksrv.net #SpySweeperCASS 127.0.0.1 www.speedyclick.com #SpySweeperCASS 127.0.0.1 www.targetshop.com #SpySweeperCASS 127.0.0.1 www.teknosurf2.com #SpySweeperCASS 127.0.0.1 www.teknosurf3.com #SpySweeperCASS 127.0.0.1 www.valueclick.com #SpySweeperCASS 127.0.0.1 www.webads.nl #SpySweeperCASS 127.0.0.1 www.websitefinancing.com #SpySweeperCASS 127.0.0.1 www10.valueclick.com #SpySweeperCASS 127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www2.burstnet.com #SpySweeperCASS 127.0.0.1 www2.newtopsites.com #SpySweeperCASS 127.0.0.1 www23.valueclick.com #SpySweeperCASS 127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www3.bannerspace.com #SpySweeperCASS 127.0.0.1 www3.pagecount.com #SpySweeperCASS 127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www4.trix.net #SpySweeperCASS 127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www75.valueclick.com #SpySweeperCASS 127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www80.valueclick.com #SpySweeperCASS 127.0.0.1 y.ibsys.com #SpySweeperCASS 127.0.0.1 z.extreme-dm.com #SpySweeperCASS 127.0.0.1 z0.extreme-dm.com #SpySweeperCASS 127.0.0.1 z1.adserver.com #SpySweeperCASS 127.0.0.1 z1.extreme-dm.com #SpySweeperCASS 127.0.0.1 zi.r.tv.com #SpySweeperCASS 127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS 127.0.0.1 as.casalemedia.com #SpySweeperCASS

#33 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 January 2006 - 03:25 AM

I see nothing in the host file that may be wrong?

Download Cleanup! here.

Run it use the standard cleanup.

#34 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 12 January 2006 - 03:33 AM

done! I had that machine already on my machine, but I stopped using it, I used it now again, and the same problem has arisen:

I can't start ms-word (or access, powerpoint) anymore. when I try to do that a window pops up saying:
I need the installation packet PRO.MSI

the only way in the past to get the ms-programs running again was to reinstal them.
Do you know a better way..?


sigh..

#35 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 January 2006 - 04:09 AM

No I really don't since some of the new malware deletes or overwrites some necessary files, some times reinstalling the program is the best way.

#36 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 12 January 2006 - 06:01 AM

Ok, Ill reinstall the ms stuff...but might refrain from using that cleaning program again... :D I have not gone to myspace.com in the meantime anymore, and spybot does not come up with anything either. I do have friends over there though...so, i'll go over there again, and if winfixer does pop up again, I'll instantly run a hjt and post it here, is that ok eagle? thanks for your help. :) Amar

#37 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 January 2006 - 08:23 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

#38 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 13 January 2006 - 04:45 PM

Hello people...it's back...
this is my old thread...where little eagle did all he could to help. :scratch:
http://forums.tomcoy...pic=54143&st=30


Logfile of HijackThis v1.99.1
Scan saved at 23:41:24, on 13.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

#39 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 January 2006 - 05:29 PM

This topic has been reopened by request of the starter of this topic. Or it has been moved to the correct forum

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#40 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 15 January 2006 - 03:21 PM

Hello people....not sure if you're still checking in on my problem...but winfixer just keeps on popping up...

Logfile of HijackThis v1.99.1
Scan saved at 22:21:04, on 15.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

    Advertisements

Register to Remove


#41 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 16 January 2006 - 07:11 AM

Disable SpywareGuard and Spy Sweeper again. Run ewido and post the results here with a new log from hijackthis also.

#42 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 16 January 2006 - 07:38 AM

thanks, here it is, my ewido log:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 14:36:14, 16.01.2006
+ Report-Checksumme: 876948BD

+ Scanergebnis:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c -> Adware.WinFixer : Gesäubert mit Backup
HKU\S-1-5-21-4002047349-3616637250-216586179-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c -> Adware.WinFixer : Gesäubert mit Backup
:mozilla.33:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Firefox\Profiles\default.14t\cookies.txt -> Spyware.Cookie.Adjuggler : Gesäubert mit Backup
:mozilla.28:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.29:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.30:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.31:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.49:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.50:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.74:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Trafic : Gesäubert mit Backup
:mozilla.75:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.76:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.77:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.79:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.141:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Weborama : Gesäubert mit Backup
:mozilla.189:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.190:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.191:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.192:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup



and my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 14:38:08, on 16.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe


sorry...forgot to disable sweeper...hold on..


ok, here's my new hjt log, now with sweeper off:

Logfile of HijackThis v1.99.1
Scan saved at 14:40:37, on 16.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

Edited by amar66, 16 January 2006 - 07:41 AM.


#43 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 16 January 2006 - 07:53 AM

Disable SpywareGuard also.

Then Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysintern...itRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.
Copy/Paste the contecnts of that logfile into your next reply

To prevent as many False Positives 's from happening, and therefore causing lots of head scratching etc,
Launch + run RR and then do NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !.
That way you should have a much simpler and clearer log file in which to peruse and evaluate.

#44 amar66

amar66

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts
  • Interests:Scotland, home-cinema, celtic music, tinwhistle, low whistle.

Posted 16 January 2006 - 08:14 AM

ok, done, just as you said (sorry for not having diabled spyguard before already... HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 16.01.2006 14:59 80 bytes Data mismatch between Windows API and raw hive data. C:\Programme\Spamihilator\SPA101.tmp.log 16.01.2006 14:59 0 bytes Visible in Windows API, but not in MFT or directory index. C:\Programme\Spamihilator\SPA102.tmp.log 16.01.2006 14:59 0 bytes Visible in Windows API, but not in MFT or directory index. C:\Programme\Spamihilator\SPA104.tmp.log 16.01.2006 15:09 366 bytes Hidden from Windows API. C:\Programme\Spamihilator\SPA105.tmp.log 16.01.2006 15:09 506 bytes Hidden from Windows API.

#45 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 16 January 2006 - 08:54 AM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users