Hijack Log... Please Help

  #1 (permalink)  
Old 03-08-2006, 10:05 AM
Newbie
D-A-L Newbie
 
Join Date: Aug 2006
Posts: 5
poseidon Is a beginner here at D-A-L
Hijack Log... Please Help

Hey... I have heaps of popups and Internet Explorer doesn't work very well anymore.
Please help.

Logfile of HijackThis v1.99.1
Scan saved at 6:50:22 PM, on 3/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\dfndrac_6.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\{54A58EF0-0A62-3081-0813-03030408003d}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Geoff\Desktop\hijackthis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX650 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE /P31 "EPSON Stylus Photo RX650 Series" /O6 "USB002" /M "Stylus Photo RX650"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [GentlemanFox] C:\Program Files\Gentleman Fox\Gentleman Fox.lnk
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Multimedia Keyboard.lnk = C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  #2 (permalink)  
Old 03-08-2006, 09:21 PM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Hijack Log... Please Help

Welcome to DAL,


Look in Add/Remove Programs and remove IPWINS if present.



Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on ewido in the system tray and uncheck "Start with Windows".
  3. Go to Start > Run and type: services.msc
  4. Press "OK".
  5. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  6. When you find the guard service, double-click on it.
  7. In the Properties Window > General Tab that opens, click the "Stop" button.
  8. From the drop-down menu next to "Startup Type", click on "Manual".
  9. Now click "Apply", then "OK" and close the Services window.
  10. Once the setup is complete you will need to run ewido and update the definition files.
  11. On the main screen select the icon "Update" then select the "Update now" link.
  12. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    If you are having problems with the updater, manually update with the Ewido Full database installer from here.
  13. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  14. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  15. Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan yet.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not run the Uninstaller and the Remover yet.

Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system. Make sure to remember where you save that file.
Now close ewido anti-spyware.

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe.

Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


This line here:

O4 - HKCU\..\Run: [GentlemanFox] C:\Program Files\Gentleman Fox\Gentleman Fox.lnk

Are you familiar with this? Did you install it? Never seen that before.


Please run HijackThis, click Scan, and check the following:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe



Close all open windows except HijackThis, and click Fix Checked.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:

C:\\dfndrac_6.exe



DELETE FOLDERS

C:\Program Files\ipwins
C:\Program Files\TClock



Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.
__________________
Stalking and killing Spyware

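One way to check that the entries flagged in the reply above are really gone from a follow-up log is to parse both HijackThis logs and diff them. This is an added example, not part of the original posts and not a HijackThis feature; the function names are hypothetical, and the sample text is a short excerpt of lines taken from the two logs in this thread.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R3", "O4", "O23"
    body: str  # everything after "CODE - "


_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def _fold(text):
    """Comparison form only: lower-case, single spaces, runs of backslashes collapsed."""
    text = re.sub(r"\s+", " ", text.strip()).lower()
    return re.sub(r"\\{2,}", lambda m: "\\", text)


def _key(entry):
    return (entry.code, _fold(entry.body))


def parse_log(text):
    """Return (running_processes, entries) from the text of a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = _ENTRY.match(line)
        if match:
            in_procs = False  # the first coded line ends the process list
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_entries(before, after):
    """Entries that disappeared from, and appeared in, the follow-up log."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def still_present(flagged_lines, after):
    """Flagged log lines that survive in the follow-up log (should be empty)."""
    after_keys = {_key(e) for e in after}
    _, flagged = parse_log("\n".join(flagged_lines))
    return [e for e in flagged if _key(e) in after_keys]


def running_autoruns(processes, entries):
    """O4 Run entries whose target image also appears under 'Running processes'."""
    procs = [_fold(p) for p in processes]
    hits = []
    for e in entries:
        if e.code != "O4" or "] " not in e.body:
            continue
        command = _fold(e.body.split("] ", 1)[1]).strip('"')
        if any(command.startswith(p) for p in procs):
            hits.append(e)
    return hits


# Excerpt of the first log in this thread (lines copied from post #1).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\dfndrac_6.exe
C:\Program Files\ipwins\ipwins.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [GentlemanFox] C:\Program Files\Gentleman Fox\Gentleman Fox.lnk
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Excerpt of the follow-up log in this thread (lines copied from post #3).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
"""

# The lines the helper asked to have checked and fixed in post #2.
FLAGGED = [
    r"R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe",
    r"O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe",
    r"O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe",
]

if __name__ == "__main__":
    procs_before, entries_before = parse_log(BEFORE)
    _, entries_after = parse_log(AFTER)
    removed, added = diff_entries(entries_before, entries_after)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        print("added:  ", e.code, "-", e.body)
    print("flagged but still present:", still_present(FLAGGED, entries_after))
    print("autoruns that were running:", running_autoruns(procs_before, entries_before))
```

Folding the doubled backslash matters here: the `[defender]` Run value is logged as `C:\\dfndrac_6.exe` while the process list shows `C:\dfndrac_6.exe`, and a plain string comparison would miss that they are the same file.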
  #3 (permalink)  
Old 04-08-2006, 01:54 PM
Newbie
D-A-L Newbie
 
Join Date: Aug 2006
Posts: 5
poseidon Is a beginner here at D-A-L
Re: Hijack Log... Please Help

Hello... thank you so much for helping me with this...

The HijackThis report is:
Logfile of HijackThis v1.99.1
Scan saved at 10:43:50 PM, on 4/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Geoff\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX650 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE /P31 "EPSON Stylus Photo RX650 Series" /O6 "USB002" /M "Stylus Photo RX650"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Multimedia Keyboard.lnk = C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



and the ewido report is this:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:34:21 PM 4/08/2006

+ Scan result:



C:\Installer2.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\warebundle2.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\kybrdac_6.exe -> Downloader.VB.ada : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temp\Temporary Internet Files\Content.IE5\TQ2PWXTS\i[1].exe -> Downloader.VB.aik : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\4994Z2W8\ABoxInst_int15[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\59K9LUWA\ABoxInst_int15[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\RY5YJCTB\ABoxInst_int15[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\UCRLV7PJ\ABoxInst_int15[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\4994Z2W8\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\8U1PG3G5\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\H5JKDSWZ\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\UCRLV7PJ\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1O63Z8YZ\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1O63Z8YZ\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
:mozilla.121:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.229:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.100:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.109:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.97:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.99:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.203:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.353:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.354:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.168:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.7:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.339:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.345:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.346:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.347:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.307:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.308:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\r7c655ky.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Geoff\Cookies\geoff@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\geoff@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\geoff@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
  #4 (permalink)  
Old 04-08-2006, 05:35 PM
Neal
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Hijack Log... Please Help

Hi,


Are you still getting popups?

What happened to all your running processes? The top part of your log is much shorter than the original log.

How is IE working now?
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

  #5 (permalink)  
Old 05-08-2006, 03:06 AM
Newbie
D-A-L Newbie
 
Join Date: Aug 2006
Posts: 5
poseidon Is a beginner here at D-A-L
Re: Hijack Log... Please Help

IE seems to be working well.. and no popups seem to be coming up.

Thanks

Ummm... I don't know what happened to processes.

This is a new one; I may have done it while still in safe mode:
Logfile of HijackThis v1.99.1
Scan saved at 12:05:19 PM, on 5/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geoff\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX650 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE /P31 "EPSON Stylus Photo RX650 Series" /O6 "USB002" /M "Stylus Photo RX650"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Multimedia Keyboard.lnk = C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


Does everything look better now?
  #6 (permalink)  
Old 06-08-2006, 12:27 AM
Neal
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Hijack Log... Please Help

Hi,


Looks real good, except two anti-virus scanners are going at the same time; you might want to consider uninstalling one, or disabling one and using it as an on-demand scanner. But there are two things I would like for you to do. Your Sun Java is out of date and is a security issue as it is now, so...


* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have next icon next to it:
Select it and click Remove.
* Then Download and install the newest version from here:
Sun Java


Then let's do an online scan with BitDefender to make sure all is well.



Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..
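The two observations made in the reply above (two resident anti-virus products, an old Sun Java) and the changes between the 5/08 and 6/08 HijackThis logs can be read off mechanically. The Python below is an added example, not part of the thread or of HijackThis itself; the sample logs are abbreviated from the logs posted in this thread, and the `AV_MARKERS` table and all function names are illustrative assumptions.

```python
import re

# HijackThis entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)

# Illustrative marker table (an assumption, not a complete vendor list).
AV_MARKERS = {"grisoft": "AVG", "norton antivirus": "Norton AntiVirus"}

# Sample input: lines abbreviated from the 5/08 log in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Sample input: lines abbreviated from the 6/08 log in this thread.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Norton AntiVirus\navapsvc.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    log = {"processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            log["entries"].append((match.group(1), match.group(2)))
        elif in_processes and line:
            log["processes"].append(line)
    return log


def resident_av(log):
    """Products seen as a running process or an O23 service (resident, not on-demand)."""
    haystack = [p.lower() for p in log["processes"]]
    haystack += [body.lower() for code, body in log["entries"] if code == "O23"]
    return {name for marker, name in AV_MARKERS.items()
            if any(marker in h for h in haystack)}


def jre_versions(log):
    """Sun JRE versions referenced anywhere in the log (paths like ...\\jre1.5.0_03\\...)."""
    lines = log["processes"] + [body for _, body in log["entries"]]
    return {m.group(1) for line in lines for m in JRE_RE.finditer(line)}


def missing_files(log):
    """Entries HijackThis marked '(file missing)': leftover registrations to review."""
    return [(c, b) for c, b in log["entries"] if b.endswith("(file missing)")]


def diff_entries(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = set(before["entries"]), set(after["entries"])
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for label, log in (("before", before), ("after", after)):
        av = sorted(resident_av(log))
        note = "  <-- more than one resident scanner" if len(av) > 1 else ""
        print(f"{label}: resident AV = {av}{note}")
        print(f"{label}: JRE versions = {sorted(jre_versions(log))}")
        for code, body in missing_files(log):
            print(f"{label}: file missing -> {code} - {body}")
    removed, added = diff_entries(before, after)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
```

Comparing consecutive scans this way also shows what a remediation step itself left behind, such as the BitDefender online-scanner control and its uninstall entry in the later log.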
  #7 (permalink)  
Old 06-08-2006, 06:47 AM
Newbie
D-A-L Newbie
 
Join Date: Aug 2006
Posts: 5
poseidon Is a beginner here at D-A-L
Re: Hijack Log... Please Help

Hey, I've done as directed and installed the new Java thingo, but when I do that online scan my C drive fills up.... I don't know with what or why, but it loses hard drive space and then stops... I've only got 1.34 GB left on C drive now and I started off with way more than that... so I stopped the scan..

But here is the HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 3:44:11 PM, on 6/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geoff\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX650 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAMP.EXE /P31 "EPSON Stylus Photo RX650 Series" /O6 "USB002" /M "Stylus Photo RX650"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /M "Stylus C83" /EF "HKCU"
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Multimedia Keyboard.lnk = C:\Program Files\Multimedia Keyboard\Multimedia Keyboard\mm2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/w...omanagerwt.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  #8 (permalink)  
Old 06-08-2006, 08:25 PM
Neal
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Hijack Log... Please Help

Very strange indeed. Is everything ok then? Running fine?
  #9 (permalink)  
Old 07-08-2006, 08:53 AM
Newbie
D-A-L Newbie
 
Join Date: Aug 2006
Posts: 5
poseidon Is a beginner here at D-A-L
Re: Hijack Log... Please Help

Yeah, everything seems fine... Explorer is working good... Thanks

So no ideas why it filled my hard drive...?

But thank you for taking the time to help me out.
  #10 (permalink)  
Old 08-08-2006, 12:54 AM
Neal
Senior Member

Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Hijack Log... Please Help

No idea.



If you are no longer having any more trouble, here are some preventative measures for you.

Be sure to re-hide hidden files/folders if you were asked to unhide them.

Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all these and Ad-awareSE and SpybotS&D updated.

Read This First - IMPORTANT Instructions

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.


Explained Here:
Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


RegProtect

This small registry protection tool will save you hours of heartache by notifying you when some program, good or bad, is trying to access your registry.

You have the option of allowing (good) items or blocking (bad) items.


http://www.diamondcs.com.au/index.php?page=regprot


To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp


2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html


3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
Windows Defender

http://www.microsoft.com/athome/secu...e/default.mspx


4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm

OutPost Personal Firewall:
Outpost



5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
Mozilla Firefox: www.mozilla.org/products/firefox/


6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html


If you use SpywareBlaster, you can also use a custom blocklist to add even more entries into IE's restricted sites zone. Go to this site for the current list and how-to-use instructions: http://customblockinglist.cjb.net/


IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm


Block access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



*Remember, just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's free.
All times are GMT +1.