
HJT LOG INC. - Win32.Harnig.BV Found-HELP PLEASE!

Discussion in 'Virus & Other Malware Removal' started by SimplyRose, Jan 17, 2006.

  1. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    :confused:
    Yesterday, Zone Alarm Security Suite popped-up and said it had found this virus: "Win32.Harnig.BV". It could not Quarantine it but then said it was treated.
    The program that gave it to me was, "TNT-OLCALL.1.74_KG\crack.exe"

    Now I am concerned if it did any damage and if it is completely gone from my system. Also worried there may be other items that should not be on my computer.

    I am inserting my HiJack Log in case there is more that I need to do or remove.

    Thanks In Advance:)

    HiJack This Log 1-17-06
    Logfile of HijackThis v1.99.1
    Scan saved at 6:33:48 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\default\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=cons

    umer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://online.tvguide.com/listings/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searc

    hbar&LC=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=cons

    umer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sheila's IE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

    Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay

    Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -

    {06FE5D02-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -

    {06FE5D03-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=

    3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=

    3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&

    c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818}

    -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&

    c=3c00&LC=0409 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file

    missing)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -

    http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab

    ?1132276755052
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.c

    ab?1132281364771
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

    http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E32DC2F-2358-4B40-A676-DAFDDC56A3BC}:

    NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -

    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program

    Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
     
  2. wdm2291

    wdm2291

    Joined:
    Nov 4, 2004
    Messages:
    403
    Hi Simply Rose,

    Your HijackThis log is very hard to read the way you have it posted.

    Can you please post your HijackThis log again. This time when you save it in Notepad, please click on Edit (in the Notepad file) and make sure "Word Wrap" is checked, and save it that way and then copy and paste it back into this thread (that way all the lines will be together and not all separated as they are in your current post).

    thanks,

    Wayne
     
  3. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    Logfile of HijackThis v1.99.1
    Scan saved at 7:10:34 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\default\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=cons

    umer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://online.tvguide.com/listings/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searc

    hbar&LC=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=cons

    umer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sheila's IE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

    Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay

    Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -

    {06FE5D02-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -

    {06FE5D03-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch

    &c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=

    3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=

    3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&

    c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818}

    -

    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&

    c=3c00&LC=0409 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file

    missing)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -

    http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab

    ?1132276755052
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.c

    ab?1132281364771
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

    http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E32DC2F-2358-4B40-A676-DAFDDC56A3BC}:

    NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -

    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program

    Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe



    Looks the same to me so I put in the attachment of the log too:rolleyes:

    Am I doing something wrong?
     

  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes you're not doing wordwrap - this is how it should look

    Logfile of HijackThis v1.99.1
    Scan saved at 7:10:34 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\default\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.tvguide.com/listings/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sheila's IE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132276755052
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132281364771
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E32DC2F-2358-4B40-A676-DAFDDC56A3BC}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
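
Added example, not part of the original thread or of HijackThis: a Python sketch that reassembles a pasted log whose entries were split across lines, as in the first two copies above, into one entry per line like the copy just shown. The function names, the embedded sample (built from lines in this thread) and the join heuristic (a fragment that fills the full wrap width was cut mid-token, a shorter one was wrapped at a space) are assumptions of this example.

```python
import re

# HijackThis 1.99.x entries start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Anything else after the first entry is treated
# as a continuation fragment of the entry above it.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed sample: a few wrapped entries copied from the thread's first log.
SAMPLE = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=cons

umer&LC=0409
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818}

-

http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&

c=3c00&LC=0409 (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def rejoin_entries(text, width=None):
    """Return the log's registry entries, one string per entry.

    Input is assumed to be the log only (no forum text after it).
    width is the column at which the paste was wrapped; if omitted it is
    inferred as the longest non-blank line, which is only correct when at
    least one line in the paste was cut at the full width.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]          # drop the blank spacer lines
    if width is None:
        width = max((len(ln) for ln in lines), default=0)

    entries = []
    prev_full = False   # did the previous fragment fill the whole wrap width?
    for ln in lines:
        if ENTRY_START.match(ln):
            entries.append(ln)
        elif entries:
            # Full-width fragment: cut mid-token, glue directly.
            # Shorter fragment: wrapped at a space, restore the space.
            entries[-1] += ("" if prev_full else " ") + ln
        else:
            continue    # header and process list before the first entry
        prev_full = len(ln) >= width
    return entries


def flag_missing(entries):
    """Entries HijackThis marked '(file missing)': the registry reference
    remains but the file it points to was not found on disk."""
    return [e for e in entries if e.endswith("(file missing)")]


if __name__ == "__main__":
    for entry in rejoin_entries(SAMPLE):
        print(entry)
```

If the paste contains no line cut at the full width, pass `width` explicitly; a line that happens to end exactly at the wrap column on a space will be joined without it.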
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    http://www.kaspersky.com/virusscanner - Online scan

    When the scan is finished Post the results from the scan!
    =========

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  6. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    Thanks,
    But mine looks like that in Note Pad but when I PASTE it, it all comes apart.

    I did send it in my last post as an attachment, and it came out the way it did in your example and my Note Pad.

    I assure all that the attachment is ONLY the HiJack This Log and nothing more.

    Hope that helps :)
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Have no idea what you just said - I opened your attachment and posted the log with word wrap checked

    Do what I said WRT Ewido and Kaspersky
     
  8. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    Will do
    MFDnNC

    Am working on it but won't be posting till in the morning; I had major surgery and need to rest after messing with this tonight! So don't expect something until in the morning.

    Thank you for sticking with me, you all are great!

    Everyone should Donate when you all put in so much work to help us out. Sites like this are a great option for those who can't afford a tech to fix it in your home or a shop!
     
  9. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    Kaspersky Scan Results:
    My Computer:
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 18, 2006 08:51:13
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 18/01/2006
    Kaspersky Anti-Virus database records: 171720
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 27699
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 3295 sec
    No malware has been detected. The sections that have been scanned are CLEAN.

    Scan process completed.
    ___________________________________________________________________
    Critical Areas:
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 18, 2006 10:06:28
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 18/01/2006
    Kaspersky Anti-Virus database records: 171720
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Critical Areas:
    C:\WINDOWS
    C:\DOCUME~1\default\LOCALS~1\Temp\

    Scan Statistics:
    Total number of scanned objects: 15902
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 2666 sec
    No malware has been detected. The sections that have been scanned are CLEAN.

    Scan process completed.
    ____________________________________________________________________
    My Email:
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 18, 2006 10:57:07
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 18/01/2006
    Kaspersky Anti-Virus database records: 171720
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Email:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 40
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 168 sec
    No malware has been detected. The sections that have been scanned are CLEAN.

    Scan process completed.


    __________________________________________________________________


    Note: Downloaded "Ewido". Am now installing and then I will run it and post the results as instructed. Shouldn't take long
     
  10. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    Hi MFDnNC,

    Sorry so long getting this done, but I ran into another problem and had to Post it in a different area here to get it fixed before I could do what you suggested. It was a BIGGIE!

    If you want to see the problem I had, you can find it here:
    http://forums.techguy.org/windows-n...-my-user-account-help-please.html#post3300999
    or



    Here is the "EWIDO" Log:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:34:04 PM, 1/19/2006
    + Report-Checksum: D2A648F3

    + Scan result:

    C:\WINDOWS\PCTPTT.EXE -> Dialer.Generic : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\SimplyRose\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    -> : Error during cleaning
    :mozilla.39:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\SimplyRose\Log In\Application Data\Mozilla\Firefox\Profiles\h7bqjylp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup


    ::Report End

    ___________________________________________________________________

    HiJack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:19 PM, on 1/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Documents and Settings\SimplyRose\User Accounts\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.tvguide.com/listings/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
    O4 - Startup: Pop-Up When my desktop is loading 1-19-06.txt
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132276755052
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132281364771
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    _________________________________________________________________________

    Hope this will help :rolleyes:
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  12. SimplyRose

    SimplyRose Thread Starter

    Joined:
    Jan 17, 2006
    Messages:
    36
    I have Zone Alarm security suite, updated daily and scans daily.

    I don't know why it didn't show up, unless it was when I ran Kaspersky; it said to shut off any Anti-Virus program while it was running so it wouldn't conflict with its scan :rolleyes:

    I just keep having more and more problems.

    Was there anything I needed to do besides the Anti-virus? Zone Alarm updated and scanned today and found nothing. I can run it again if you think I need to?

    Now, my Firefox is acting up :mad:

    It made me create a user name and password to access it after closing it all up. There was a default ID there, but it said it was already in use. I am sooooooo mad at this darn thing!

    Now that I created a sign-in for it, all my stuff is gone!!!!! Bookmarks!!!!!

    I went to restore to try and undo it but guess what it said :eek:

    If you restore you will lose this new account and the sheila one will come back, MAYBE-who knows!

    I just don't know what to do anymore about it all :confused:
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Sorry missed that - I saw the firewall but missed the AV

    Let's do one more thing

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        - Sweep Memory
        - Sweep Registry
        - Sweep Cookies
        - Sweep All User Accounts
        - Enable Direct Disk Sweeping
        - Sweep Contents of Compressed Files
        - Sweep for Rootkits

        - Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     

Short URL to this thread: https://techguy.org/435005
