
hijack this help please


21 replies to this topic

#1 pappy94

pappy94

    New Member

  • Authentic Member
  • 12 posts

Posted 11 March 2007 - 11:58 PM

Need help. Windows will not shut down.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:55 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\mike\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: BlogJet This! - {C2C96E56-F65A-4CEF-AF10-0F5C1B48F1BF} - C:\Documents and Settings\mike\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {C2C96E56-F65A-4CEF-AF10-0F5C1B48F1BF} - C:\Documents and Settings\mike\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.y...lgcst1006_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136625125531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D52A6358-D0BB-41DA-9109-9AABD0D6880C}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 31 March 2007 - 08:47 PM

Sorry for the delay :oops:
If you still need help and haven't posted at another forum:

Run AVG Anti-Spyware (ewido). Then scan and save the log from the scan.
Instructions and download link can be found here.

Rescan with HijackThis and post a new log with the results from AVG.
Also please describe how your computer behaves at the moment.

#3 pappy94

pappy94

    New Member

  • Authentic Member
  • 12 posts

Posted 01 April 2007 - 01:47 AM

Thanks, will do. Mike

#4 pappy94

pappy94

    New Member

  • Authentic Member
  • 12 posts

Posted 01 April 2007 - 05:16 PM

Ran the program, deleted the adware and cookies found. Computer still hangs on saving when trying to shut down. Following is the list from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 4:10:21 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\mike\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: BlogJet This! - {C2C96E56-F65A-4CEF-AF10-0F5C1B48F1BF} - C:\Documents and Settings\mike\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {C2C96E56-F65A-4CEF-AF10-0F5C1B48F1BF} - C:\Documents and Settings\mike\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.y...lgcst1006_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136625125531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D52A6358-D0BB-41DA-9109-9AABD0D6880C}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 01 April 2007 - 08:59 PM

Ran the program deleted the adware and cookies found.

Did you save the log? Can I see it? ;)

Run this online scan and post the results here.
You do not need to pay them to delete anything; just post the log here.

#6 pappy94

pappy94

    New Member

  • Authentic Member
  • 12 posts

Posted 02 April 2007 - 12:23 AM

from the scan

#7 little eagle


Posted 02 April 2007 - 05:11 AM

Can I see the scan from panda?

#8 pappy94


Posted 03 April 2007 - 01:49 PM

panda scan.

Status Location
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM32\NCASE.DLL
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\SYSTEM32\NEWNET.DLL
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\BIINI.INF
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\SATMAT.INF
Adware:adware/ieplugin Not disinfected C:\WINDOWS\KWV2.DAT
Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\s4Setp.exe
Adware:adware program Not disinfected C:\WINDOWS\SS3UNSTL.EXE
Adware:adware/ncase Not disinfected C:\WINDOWS\MSBBAU.DAT
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[sys_ai_client_loader.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[incredifind.exe]
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\UPDATE_1.EXE[update.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[sys_ai_client_loader.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[incredifind.exe]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@advertising[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@anm.co[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@tribalfusion[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@atdmt[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@realmedia[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@casalemedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@trafficmp[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@fastclick[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@statcounter[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@www.burstbeacon[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\MIKE\Cookies\mike@go.winantispyware[1].txt
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\UPDATE_1.EXE[update.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[sys_ai_client_loader.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe[incredifind.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[sys_ai_client_loader.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe[incredifind.exe]

#9 little eagle


Posted 03 April 2007 - 06:04 PM

Please go HERE and do an online scan.
Let me know what is found.

#10 pappy94


Posted 04 April 2007 - 02:09 AM

Having trouble with this scan. After allowing the ActiveX, it starts to scan, then I get an error message telling me to try again. Tried 3 times with the same problem.



#11 little eagle


Posted 04 April 2007 - 06:41 PM

Download ATF Cleaner instructions here.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
It will create a file named: c:\rapport.txt
Please post the C:\rapport.txt in your next reply

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Edited by little eagle, 04 April 2007 - 06:42 PM.


#12 pappy94


Posted 05 April 2007 - 02:19 AM

Scan done at 1:00:40.26, Thu 04/05/2007
Run from C:\Documents and Settings\mike\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\SBCSEL~1\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\SBC Self Support Tool\bin\mad.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mike

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mike\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mike\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D52A6358-D0BB-41DA-9109-9AABD0D6880C}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D52A6358-D0BB-41DA-9109-9AABD0D6880C}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D52A6358-D0BB-41DA-9109-9AABD0D6880C}: NameServer=68.94.156.1 68.94.157.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#13 little eagle


Posted 05 April 2007 - 05:06 AM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#14 pappy94


Posted 05 April 2007 - 03:25 PM

SDFix: Version 1.76

Run by mike - Thu 04/05/2007 - 10:53:50.82

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe - Deleted
C:\WINDOWS\system32\TFTP3604 - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe:*:Enabled:dfbhd"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\DFPinger\\DFBHDPinger\\DFBHDPinger.exe"="C:\\Program Files\\DFPinger\\DFBHDPinger\\DFBHDPinger.exe:*:Enabled:DFBHDPinger"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\Ulead Systems\\Ulead COOL 360\\UPano.exe"="C:\\Program Files\\Ulead Systems\\Ulead COOL 360\\UPano.exe:*:Enabled:Ulead COOL 360"
"C:\\Program Files\\Yahoo!\\BROWSER\\YBrowser.exe"="C:\\Program Files\\Yahoo!\\BROWSER\\YBrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\REC\\Ghost Recon\\GhostRecon.exe"="C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\REC\\Ghost Recon\\GhostRecon.exe:*:Enabled:GhostRecon"
"C:\\Program Files\\ubi.com\\Core\\gs4.exe"="C:\\Program Files\\ubi.com\\Core\\gs4.exe:*:Enabled:ubi.com Game Service"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\Black Operations Mod.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\Black Operations Mod.exe:*:Enabled:Black Operations Mod"
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe:*:Disabled:Star Wars Galactic Battlegrounds"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\System32\\lxctcoms.exe"="C:\\WINDOWS\\System32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\cygwin1.dll
C:\WINDOWS\cygcrypt-0.dll
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0838e3ca46c974d22be0ec664b800381\BIT2A.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off2.tmp
C:\Program Files\InterActual\InterActual Player\itiF.tmp

Finished

#15 little eagle


Posted 05 April 2007 - 04:18 PM

Please go HERE and do an online scan.
Let me know what is found.

Let's see if we can get this scan to run now. Delete what is found.
