1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: All kinds of Popups, and saying my computer is infected

Discussion in 'Virus & Other Malware Removal' started by jwlknsn7, Jul 25, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    Please could someone check my HJT log and advise what to do necessary. I'm getting allkinds of popups saying computer is infected in particular with OHPE ver 4.12_23

    Logfile of HijackThis v1.99.1
    Scan saved at 18:43:14, on 25/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\AOL 9.0a\waol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0a\aoltray.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    c:\program files\common files\aol\1150192763\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B21355F-E962-4B02-8AC5-31639DFE61D4}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Thanks
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  3. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    SmitFraudFix v2.75b

    Scan done at 17:37:51.80, 26/06/2006
    Run from C:\Documents and Settings\adam wilkinson\Desktop\SmitFraud\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\mzoeut.dll ->
    C:\WINDOWS\system32\mzoeut.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\atmclk.exe Deleted
    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\hp???.tmp Deleted
    C:\WINDOWS\system32\ld???.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
    C:\Program Files\Security Toolbar\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Now for the new HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 17:46:22, on 26/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    C:\Program Files\AOL 9.0a\aoltray.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    c:\program files\common files\aol\1150192763\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\AOL 9.0a\waol.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B21355F-E962-4B02-8AC5-31639DFE61D4}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  4. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    well this must be a record, been online about half an hour since doing that fix and not one pop-up yet! Is that it then? How's the logs look? Previously to all these popups was a little but suss about my comp, wasnt performing as fast as id like.

    Things look ok?

    Cheers
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    What have you disabled in msconfig


    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  6. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    The MSConfig thing is because that's how I had to restart into safe mode. The disabled part in MSConfig will be when I was finished in safemode turning off the safemode box in that Boot.ini tab.

    When I tried to reboot in safe mode using the F8 method it just comes up with a blue box on my screen asking me to choose my boot device - floppy disc etc.

    Am I still ok to proceed to the next instructions?
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    yes run ewido
     
  8. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:41:31 27/06/2006

    + Scan result:



    HKU\S-1-5-21-1644491937-1993962763-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F7D40011-29BB-43EB-9C97-875CE89E9E36} -> Adware.Generic : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Local Settings\Temporary Internet Files\Content.IE5\81AVKDIR\Scripts[1].js -> Adware.MediaMotor : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Local Settings\Temporary Internet Files\Content.IE5\WTGF0V4J\ControllerScripts[1].js -> Adware.MediaMotor : Cleaned.
    C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned.
    D:\John\FranklinGoestoSchoolSetup-dm.exe -> Adware.Trymedia : Cleaned.
    D:\John\MobEnf_Setup-dm.exe -> Adware.Trymedia : Cleaned.
    D:\John\RiskII-dm.exe -> Adware.Trymedia : Cleaned.
    D:\abbies file\3DMiniGolfSetupGB-dm.exe -> Adware.Trymedia : Cleaned.
    D:\abbies file\BookwormDeluxe-dm.exe -> Adware.Trymedia : Cleaned.
    D:\abbies file\RollerCoasterTycoon2-dm.exe -> Adware.Trymedia : Cleaned.
    D:\abbies file\Snoozleberg2Setup-dm.exe -> Adware.Trymedia : Cleaned.
    C:\Documents and Settings\john wilkinson\Application Data\winantispyware2006freeinstall[1].exe -> Downloader.Agent.alr : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Paycounter : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Paycounter : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Res99 : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\david wilkinson\Cookies\david [email protected][2].txt -> TrackingCookie.Xxxcounter : Cleaned.
    C:\Documents and Settings\john wilkinson\Cookies\john [email protected][2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\adam wilkinson\Cookies\adam [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\abbie wilkinson\Cookies\abbie [email protected][2].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    HJT LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 18:58:09, on 27/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AOL 9.0a\waol.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    c:\program files\common files\aol\1150192763\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1150192763\ee\AOLServiceHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\AOL 9.0a\aoltray.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150192763\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B21355F-E962-4B02-8AC5-31639DFE61D4}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ======================

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  10. jwlknsn7

    jwlknsn7 Thread Starter

    Joined:
    Jul 25, 2006
    Messages:
    11
    Seems fine, cheers mate. Can't thank you enough.

    I've selected solved as requested.

    Thanks

    Jwlknsn7
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/486281

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice