Logfile of HijackThis v1.99.1
Scan saved at 11:58:19 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Yehuda\My Documents\downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [oafgt] C:\WINDOWS\system32\sltmsr.exe reg_run
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
********
11:06 PM: | Start of Session, Thursday, March 23, 2006 |
11:06 PM: Spy Sweeper started
11:06 PM: Sweep initiated using definitions version 640
11:06 PM: Starting Memory Sweep
11:09 PM: Memory Sweep Complete, Elapsed Time: 00:02:39
11:09 PM: Starting Registry Sweep
11:09 PM: Found Adware: quicklink search toolbar
11:09 PM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
11:09 PM: HKCR\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180464)
11:09 PM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
11:09 PM: HKCR\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180472)
11:09 PM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
11:09 PM: HKLM\software\classes\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180514)
11:09 PM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
11:09 PM: HKLM\software\classes\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180522)
11:09 PM: Found Adware: fullcontext
11:09 PM: HKCR\clsid\{994d478a-45d0-4db4-ae77-288b1e346e99}\ (4 subtraces) (ID = 1190252)
11:09 PM: HKCR\typelib\{1b8b502e-455b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1190257)
11:09 PM: HKLM\software\classes\clsid\{994d478a-45d0-4db4-ae77-288b1e346e99}\ (4 subtraces) (ID = 1190291)
11:09 PM: HKLM\software\classes\typelib\{1b8b502e-455b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1190296)
11:09 PM: Found Adware: dollarrevenue
11:09 PM: HKCR\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198901)
11:09 PM: HKLM\software\oj1vshp3a\ (3 subtraces) (ID = 1198933)
11:09 PM: HKLM\software\classes\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198962)
11:09 PM: HKLM\software\microsoft\windows\currentversion\uninstall\jgaf\ || uninstallstring (ID = 1199465)
11:09 PM: Found Adware: clkoptimizer
11:09 PM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212644)
11:09 PM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212651)
11:09 PM: HKU\S-1-5-21-842925246-1060284298-839522115-1003\software\eqadvice\ (8 subtraces) (ID = 1190273)
11:09 PM: HKU\S-1-5-21-842925246-1060284298-839522115-1003\software\fcadvice\ (3 subtraces) (ID = 1190282)
11:09 PM: Registry Sweep Complete, Elapsed Time:00:00:09
11:09 PM: Starting Cookie Sweep
11:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:09 PM: Starting File Sweep
11:10 PM: unwn.exe (ID = 268798)
11:11 PM: Found Adware: zquest
11:11 PM: pf78.exe (ID = 258925)
11:19 PM: keyboard4.exe (ID = 268841)
11:21 PM: cv3wanv28.exe (ID = 259982)
11:22 PM: newname4.exe (ID = 268845)
11:27 PM: jukqs.exe (ID = 268934)
11:32 PM: pf79.exe (ID = 259845)
11:32 PM: 302.exe (ID = 258294)
11:34 PM: mksawrtal.amf (ID = 208796)
11:35 PM: Found Adware: twain-tech
11:35 PM: wininit.ini (ID = 81900)
11:37 PM: Warning: File not found
11:41 PM: Warning: File not found
11:41 PM: File Sweep Complete, Elapsed Time: 00:31:34
11:41 PM: Full Sweep has completed. Elapsed time 00:33:54
11:41 PM: Traces Found: 124
11:52 PM: Removal process initiated
11:52 PM: Quarantining All Traces: clkoptimizer
11:52 PM: Quarantining All Traces: fullcontext
11:52 PM: Quarantining All Traces: dollarrevenue
11:52 PM: Quarantining All Traces: quicklink search toolbar
11:52 PM: Quarantining All Traces: zquest
11:52 PM: Quarantining All Traces: twain-tech
11:52 PM: Removal process completed. Elapsed time 00:00:05
********
11:02 PM: | Start of Session, Thursday, March 23, 2006 |
11:02 PM: Spy Sweeper started
11:02 PM: Sweep initiated using definitions version 640
11:02 PM: Starting Memory Sweep
11:03 PM: Sweep Canceled
11:03 PM: Memory Sweep Complete, Elapsed Time: 00:00:38
11:03 PM: Traces Found: 0
********
10:59 PM: | Start of Session, Thursday, March 23, 2006 |
10:59 PM: Spy Sweeper started
11:00 PM: Your spyware definitions have been updated.
11:02 PM: | End of Session, Thursday, March 23, 2006 |
Between when you last helped me and your most recent post, I ran Spyware Doctor and that seemed to help things somewhat. Before that, AVG and ewido kept alerting me to stuff that they couldn't remove. Now that seems to have stopped. However, msconfig still shows me that a startup item called sltmsr is running, and I can't get rid of it. Also, it may just be my imagination, but Firefox is freezing every once in a while, and I don't think that it usually does.
Thanks again.