1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack This log - looking for stubborn pop-up

Discussion in 'All Other Software' started by Montdr, May 26, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Hello,
    I've had this pop-up (or pop-in) that will not go away...tried all sorts of things. It comes in to any web page and replaces ads on the page. Someone said it might be in registry files. I downloaded HijackThis and here is the log. Can anyone see what might look like a pop-up . If not, any other way to get rid of this sucker?! Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 4:46:56 AM, on 5/24/2006
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\Program Files\Ehyveo\Wnjp.exe
    C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\program files\common files\aol\1127713703\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    c:\program files\common files\aol\1127713703\ee\aolsoftware.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\carp\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: (no name) - {00000000-0000-48EF-844F-31ABE43D9C78} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [Nfsvm] C:\Program Files\Ehyveo\Wnjp.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - HKCU\..\Run: [adwarealert] "C:\Program Files\adwarealert\adwarealert.exe" -boot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
    O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4.cab
    O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23852d5d4f688fe0b118/netzip/RdxIE601.cab
    O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_ASPIV4.cab
    O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4.cab
    O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
    O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073.cab
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4.cab
    O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_ASPIV4.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062.cab
    O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E20A17-7AFF-4BD7-AC75-D5ABDEA78299}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  2. gfxrelay

    gfxrelay

    Joined:
    Oct 26, 2005
    Messages:
    588
    Have you tried removing adalert.Also install a fire wall and check wich processes are blocked
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    * Click here to download the trial version of Ewido Security Suite.

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  4. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Thanks! Will try it and let you know results.
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  6. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:35:24 PM, 5/29/2006
    + Report-Checksum: 39B879F4

    + Scan result:

    HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\carp\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Application Data\Hotbar\reports.txt -> Adware.HotBar : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Sidefind : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Cookies\dr [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Pro-market : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][2].txt -> TrackingCookie.Sidefind : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Dr Carp\Local Settings\Temp\Cookies\dr [email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\program storage\MISCELLANEOUS\1001 programs\cd 1\internet\ezdial.zip/EzDialler.exe -> Heuristic.Win32.Dialer : Error during cleaning
    C:\program storage\MISCELLANEOUS\1001 programs\cd 1\internet\Lg99.exe -> Adware.Jumnet : Cleaned with backup
    C:\program storage\MISCELLANEOUS\1001 programs\cd 1\internet\rasrdl.zip/RasRedial.exe -> Heuristic.Win32.Dialer : Error during cleaning
    C:\WINNT\Downloaded Program Files\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Cleaned with backup
    C:\WINNT\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
    C:\WINNT\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup


    ::Report End
     
  7. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Logfile of HijackThis v1.99.1
    Scan saved at 2:46:21 PM, on 5/29/2006
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\program files\common files\aol\1127713703\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\Pop up Blocker\pd.exe
    c:\program files\common files\aol\1127713703\ee\aolsoftware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\WINNT\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\RegCure\RegCure.exe
    C:\DOCUME~1\carp\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: (no name) - {00000000-0000-48EF-844F-31ABE43D9C78} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [Nfsvm] C:\Program Files\Ehyveo\Wnjp.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - HKCU\..\Run: [adwarealert] "C:\Program Files\adwarealert\adwarealert.exe" -boot
    O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: PD - {DD227C2F-7CE4-475B-954A-CED5CFB394DF} - C:\Program Files\Pop up Blocker\pd.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
    O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4.cab
    O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23852d5d4f688fe0b118/netzip/RdxIE601.cab
    O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_ASPIV4.cab
    O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4.cab
    O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
    O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073.cab
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4.cab
    O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_ASPIV4.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062.cab
    O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E20A17-7AFF-4BD7-AC75-D5ABDEA78299}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We will use it later.

    Hijack This is running from the Temp folder.
    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log.
     
  9. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Logfile of HijackThis v1.99.1
    Scan saved at 4:37:42 PM, on 5/30/2006
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\program files\common files\aol\1127713703\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    c:\program files\common files\aol\1127713703\ee\aolsoftware.exe
    C:\WINNT\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\carp\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: (no name) - {00000000-0000-48EF-844F-31ABE43D9C78} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [Nfsvm] C:\Program Files\Ehyveo\Wnjp.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - HKCU\..\Run: [adwarealert] "C:\Program Files\adwarealert\adwarealert.exe" -boot
    O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: PD - {DD227C2F-7CE4-475B-954A-CED5CFB394DF} - C:\Program Files\Pop up Blocker\pd.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
    O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4.cab
    O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23852d5d4f688fe0b118/netzip/RdxIE601.cab
    O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_ASPIV4.cab
    O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4.cab
    O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
    O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073.cab
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4.cab
    O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_ASPIV4.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062.cab
    O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E20A17-7AFF-4BD7-AC75-D5ABDEA78299}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    It's still in the Temp folder.
     
  11. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Logfile of HijackThis v1.99.1
    Scan saved at 6:20:20 PM, on 5/31/2006
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\program files\common files\aol\1127713703\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    c:\program files\common files\aol\1127713703\ee\aolsoftware.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\WINNT\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\WINNT\system32\ntvdm.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\carp\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: (no name) - {00000000-0000-48EF-844F-31ABE43D9C78} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [Nfsvm] C:\Program Files\Ehyveo\Wnjp.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - HKCU\..\Run: [adwarealert] "C:\Program Files\adwarealert\adwarealert.exe" -boot
    O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: PD - {DD227C2F-7CE4-475B-954A-CED5CFB394DF} - C:\Program Files\Pop up Blocker\pd.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
    O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4.cab
    O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23852d5d4f688fe0b118/netzip/RdxIE601.cab
    O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_ASPIV4.cab
    O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4.cab
    O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
    O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073.cab
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4.cab
    O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_ASPIV4.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062.cab
    O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E20A17-7AFF-4BD7-AC75-D5ABDEA78299}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Right log but in wrong location. Create a new folder in My Documents. Name it "HJT"
    Then click here to download Hijack This: http://216.180.233.162/~merijn/files/HijackThis.exe
    Be sure to choose Save (and save it to the folder you just created)
    Then rerun Hijack This from its new location and post the log. :)
     
  13. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    Logfile of HijackThis v1.99.1
    Scan saved at 9:03:44 PM, on 5/31/2006
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\program files\common files\aol\1127713703\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    c:\program files\common files\aol\1127713703\ee\aolsoftware.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\WINNT\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\America Online 9.0d\waol.exe
    C:\Program Files\America Online 9.0d\shellmon.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Documents and Settings\carp\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: (no name) - {00000000-0000-48EF-844F-31ABE43D9C78} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [Nfsvm] C:\Program Files\Ehyveo\Wnjp.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127713703\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\nero\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
    O4 - HKCU\..\Run: [adwarealert] "C:\Program Files\adwarealert\adwarealert.exe" -boot
    O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: PD - {DD227C2F-7CE4-475B-954A-CED5CFB394DF} - C:\Program Files\Pop up Blocker\pd.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
    O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071.cab
    O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063.cab
    O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4.cab
    O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4.cab
    O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4.cab
    O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23852d5d4f688fe0b118/netzip/RdxIE601.cab
    O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_ASPIV4.cab
    O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4.cab
    O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
    O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
    O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073.cab
    O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
    O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cab
    O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cab
    O16 - DPF: {E7AE1661-EBEB-492B-AE0D-860DF24174C6} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064_ASPIV4.cab
    O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_ASPIV4.cab
    O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1062.cab
    O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1063_ASPIV4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E20A17-7AFF-4BD7-AC75-D5ABDEA78299}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Perfect! :)

    I wanna run one more thing before doing any fixes.

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  15. Montdr

    Montdr Thread Starter

    Joined:
    May 25, 2006
    Messages:
    55
    ********
    1:54 AM: | Start of Session, Thursday, June 01, 2006 |
    1:54 AM: Spy Sweeper started
    1:54 AM: Sweep initiated using definitions version 689
    1:54 AM: Starting Memory Sweep
    2:09 AM: Memory Sweep Complete, Elapsed Time: 00:15:15
    2:09 AM: Starting Registry Sweep
    2:10 AM: Found Adware: winad
    2:10 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
    2:10 AM: Found Adware: winantispyware 2005
    2:10 AM: HKCR\uwfx6pcheck.uwfx6pcheck.1\ (ID = 1136990)
    2:10 AM: HKCR\typelib\{2d687163-96cc-4409-94da-969d48f93f7f}\ (ID = 1137101)
    2:10 AM: HKCR\typelib\{64e338e4-da65-4923-8fe5-47954473d6fe}\ (ID = 1137111)
    2:10 AM: HKCR\typelib\{a24843d4-581b-4ed0-9487-9ee4ff88daae}\ (ID = 1137121)
    2:10 AM: HKCR\typelib\{cc92a2f6-55e8-40d8-99c2-717133429490}\ (ID = 1137131)
    2:10 AM: HKCR\typelib\{e1ba5887-184b-4c5e-8e82-3c5dcc946d0d}\ (ID = 1137141)
    2:10 AM: HKCR\typelib\{eb701895-7d43-426f-85b4-16c54f437298}\ (ID = 1137151)
    2:10 AM: HKLM\software\classes\uwfx6pcheck.uwfx6pcheck.1\ (ID = 1137248)
    2:10 AM: HKLM\software\classes\typelib\{2d687163-96cc-4409-94da-969d48f93f7f}\ (ID = 1137359)
    2:10 AM: HKLM\software\classes\typelib\{64e338e4-da65-4923-8fe5-47954473d6fe}\ (ID = 1137369)
    2:10 AM: HKLM\software\classes\typelib\{a24843d4-581b-4ed0-9487-9ee4ff88daae}\ (ID = 1137379)
    2:10 AM: HKLM\software\classes\typelib\{cc92a2f6-55e8-40d8-99c2-717133429490}\ (ID = 1137389)
    2:10 AM: HKLM\software\classes\typelib\{e1ba5887-184b-4c5e-8e82-3c5dcc946d0d}\ (ID = 1137399)
    2:10 AM: HKLM\software\classes\typelib\{eb701895-7d43-426f-85b4-16c54f437298}\ (ID = 1137409)
    2:10 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\d_kmd.sys\ (1 subtraces) (ID = 1137425)
    2:10 AM: HKLM\system\currentcontrolset\control\safeboot\network\d_kmd.sys\ (1 subtraces) (ID = 1137427)
    2:10 AM: HKLM\system\currentcontrolset\services\d_kmd\ (12 subtraces) (ID = 1137429)
    2:10 AM: Found Adware: winantivirus pro
    2:10 AM: HKLM\software\winantivirus pro 2006\ (1 subtraces) (ID = 1216196)
    2:10 AM: Found Adware: websearch toolbar
    2:10 AM: HKU\S-1-5-21-790525478-484763869-1060284298-1000\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
    2:10 AM: Found Adware: 180search assistant/zango
    2:10 AM: HKU\S-1-5-21-790525478-484763869-1060284298-1000\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\180search assistant\ (ID = 972193)
    2:10 AM: Registry Sweep Complete, Elapsed Time:00:01:21
    2:10 AM: Starting Cookie Sweep
    2:10 AM: Found Spy Cookie: specificclick.com cookie
    2:10 AM: [email protected][2].txt (ID = 3400)
    2:10 AM: Found Spy Cookie: pointroll cookie
    2:10 AM: [email protected][1].txt (ID = 3148)
    2:10 AM: Found Spy Cookie: atwola cookie
    2:10 AM: [email protected][1].txt (ID = 2255)
    2:10 AM: Found Spy Cookie: trb.com cookie
    2:10 AM: [email protected][1].txt (ID = 3588)
    2:10 AM: Found Spy Cookie: directtrack cookie
    2:10 AM: [email protected][1].txt (ID = 2527)
    2:10 AM: Found Spy Cookie: fastclick cookie
    2:10 AM: [email protected][1].txt (ID = 2652)
    2:10 AM: Found Spy Cookie: overture cookie
    2:10 AM: [email protected][2].txt (ID = 3105)
    2:10 AM: [email protected][1].txt (ID = 2528)
    2:10 AM: Found Spy Cookie: server.iad.liveperson cookie
    2:10 AM: [email protected][1].txt (ID = 3341)
    2:10 AM: Found Spy Cookie: reliablestats cookie
    2:10 AM: [email protected][2].txt (ID = 3254)
    2:10 AM: Found Spy Cookie: tacoda cookie
    2:10 AM: [email protected][1].txt (ID = 6444)
    2:10 AM: [email protected][1].txt (ID = 3587)
    2:10 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    2:11 AM: Starting File Sweep
    2:19 AM: dfd.sys (ID = 162513)
    2:44 AM: Found Adware: ist istbar
    2:44 AM: shortcuts.txt (ID = 64711)
    3:22 AM: Found Adware: instant access
    3:22 AM: old207.tmp (ID = 201164)
    3:22 AM: sysnetsvc32.inf (ID = 107282)
    3:23 AM: Found System Monitor: potentially rootkit-masked files
    3:23 AM: uzbrsmy_nav.dat (ID = 0)
    3:23 AM: uzbrsmy.dat (ID = 0)
    3:23 AM: uzbrsmy.exe (ID = 0)
    3:33 AM: Warning: Unhandled Archive Type
    3:34 AM: Warning: Unhandled Archive Type
    3:34 AM: Warning: Unhandled Archive Type
    3:34 AM: Warning: Unhandled Archive Type
    3:34 AM: Warning: Unhandled Archive Type
    3:34 AM: Warning: File not found
    3:34 AM: Warning: Unhandled Archive Type
    3:35 AM: Warning: Unhandled Archive Type
    3:35 AM: Warning: Invalid file - not a PKZip file
    3:35 AM: Warning: Invalid file - not a PKZip file
    3:35 AM: Warning: Invalid file - not a PKZip file
    3:35 AM: Warning: Invalid file - not a PKZip file
    3:35 AM: File Sweep Complete, Elapsed Time: 01:24:45
    3:35 AM: Full Sweep has completed. Elapsed time 01:41:30
    3:35 AM: Traces Found: 57
    8:40 AM: Removal process initiated
    8:40 AM: Quarantining All Traces: 180search assistant/zango
    8:40 AM: Quarantining All Traces: ist istbar
    8:40 AM: Quarantining All Traces: websearch toolbar
    8:40 AM: Quarantining All Traces: winad
    8:40 AM: Quarantining All Traces: instant access
    8:40 AM: Quarantining All Traces: winantivirus pro
    8:40 AM: Quarantining All Traces: atwola cookie
    8:40 AM: Quarantining All Traces: directtrack cookie
    8:40 AM: Quarantining All Traces: fastclick cookie
    8:40 AM: Quarantining All Traces: overture cookie
    8:40 AM: Quarantining All Traces: pointroll cookie
    8:40 AM: Quarantining All Traces: reliablestats cookie
    8:40 AM: Quarantining All Traces: server.iad.liveperson cookie
    8:40 AM: Quarantining All Traces: specificclick.com cookie
    8:40 AM: Quarantining All Traces: tacoda cookie
    8:40 AM: Quarantining All Traces: trb.com cookie
    8:40 AM: Quarantining All Traces: winantispyware 2005
    8:41 AM: Removal process completed. Elapsed time 00:00:48
    ********
    1:34 AM: | Start of Session, Thursday, June 01, 2006 |
    1:34 AM: Spy Sweeper started
    1:49 AM: Your spyware definitions have been updated.
    1:54 AM: | End of Session, Thursday, June 01, 2006 |
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Hijack looking stubborn
  1. jood
    Replies:
    6
    Views:
    323
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/470232

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice