1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

slow computer (spyware?)

Discussion in 'Virus & Other Malware Removal' started by budgirl369, Feb 4, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. budgirl369

    budgirl369 Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    2
    Incident Status Location
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Internetfuel Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\austin\Cookies\[email protected][1].txt
    Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\austin\Local Settings\Temp\i12.tmp
    Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\austin\Local Settings\Temp\RN.dll
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\christy\Application Data\Mozilla\Profiles\default\o1m8ydpz.slt\cookies.txt[.atwola.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\christy\Application Data\Mozilla\Profiles\default\o1m8ydpz.slt\cookies.txt[.z1.adserver.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\christy\Application Data\Mozilla\Profiles\default\o1m8ydpz.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\christy\Application Data\Mozilla\Profiles\default\o1m8ydpz.slt\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\christy\Application Data\Mozilla\Profiles\default\o1m8ydpz.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\christy\Cookies\[email protected][2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\9.dll
    Adware:Adware/CommAd Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cmdinst.exe
    Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\GLF1EGLF1E.EXE
    Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\msin_installer1\getnexus.exe
    Hacktool:Generic Application Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\msin_installer2\gb.exe
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe
    Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][1].txt
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tiffany\Cookies\[email protected][2].txt
    Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\tiffany\Local Settings\Temp\clicks.dll
    Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\tiffany\Local Settings\Temp\v1.dll
    Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\tiffany\Local Settings\Temp\WildWinTracker.exe
    Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\kkim\kkimd\kkimc.dll
    Adware:Adware/IST.SideFind Not disinfected C:\Program Files\Common Files\kkim\kkimp.exe
    Adware:Adware/Zango Not disinfected C:\Program Files\Zango Messenger\idle.dll
    Adware:adware/aurora Not disinfected C:\WINDOWS\abiuninst.htm
    Adware:Adware/Midaddle Not disinfected C:\WINDOWS\addit.exe Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\bargain3.exe
    Spyware:spyware/clipgenie Not disinfected C:\WINDOWS\clipg.exe
     
  2. techkid

    techkid

    Joined:
    Sep 1, 2004
    Messages:
    2,339
    First Name:
    David
    Although I can't assist in HJT logs or malware removal, I must recommend that you have it moved to the Security forum.

    In the top-right corner of your message is a red triangle with an exclamation mark: Report Post to Moderators. Ask them politely if they can move your post to the Security forum. You'll more likely (and more quickly) get a response.
     
  3. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    This is my neighbors compaq...windows xp..sp2 with IE 7. The report above is a Panda online scan.
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Please download ATF Cleaner by Atribune
    This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    =============================================

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    ;)
     
  5. budgirl369

    budgirl369 Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    2
    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:25 AM, on 2/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1167451785\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\AOL\1167451785\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1167451785\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\AOL\1167451785\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\1167451785\ee\SSCEvtHdlr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\christy\Local Settings\Temporary Internet Files\Content.IE5\MOQX5NXC\ATF-Cleaner[2].exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A18824B9-0009-D2C0-702D-1C36207E693C} - C:\WINDOWS\System32\CdmFiles\wnkejcabck.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DVDBitSet] C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [AOLT4] E:\AOLSETUP.EXE -ACS
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167451785\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1167451785\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1167451785\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.34/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.2.30/poppit2/poppit2-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.0.34/peaks/peaks-ob-assets.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1167451785\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hi again.....sorry for the delay......your not infected so no worries,just a bit of hoovering to do:)

    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then,close all browser and outlook windows INCLUDING THIS ONE and "fix checked"

    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
    O2 - BHO: (no name) - {A18824B9-0009-D2C0-702D-1C36207E693C} - C:\WINDOWS\System32\CdmFiles\wnkejcabck.dll (file missing)
    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)


    ;)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541021

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice