Popup Help! (with hjt log)

#1 | J-T | 08-01-2007, 03:13 PM

Hi

I've tried to search the entries on my log myself, but they seem to be coming up OK, but I still get popups every 2 minutes. I have Spybot and ntl antivirus installed, which I keep updated, but it got round them! Here is my log; any help is much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 14:12:42, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1127497943045
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127497371343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/f...utLauncher.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Client (nwclntd) - Unknown owner - C:\WINDOWS\system32\netclnd.exe (file missing)
#2 | J-T | 09-01-2007, 12:54 PM

anyone?
#3 | VopThis, Senior Member (Canada) | 10-01-2007, 05:22 AM

You are not running HijackThis (HJT) from a desired location. You really need to set up a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
  • Create a new folder in your C: Drive.
  • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
  • Run HJT from there (and revise your shortcut accordingly).




Additionally, please rename 'HijackThis.exe' to 'foolyou.exe' because some infections may hide themselves in the first instance.


We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.




Download and install AVG Anti-Spyware 7.5 (AVG AS - formerly known as Ewido anti-spyware 4.0 - uninstall any previous version first).
  • Click the Download BUTTON. On the next page click the Download now BUTTON.
  • Save and then install (Run) from the save location.
  • Open/Run AVG Anti-Spyware
  • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

  • Click on the Update now LINK at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
  • This is very important to get the LATEST updates.
  • Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  • Click on the Scanner ICON at the top of the window
  • Click on the Settings tab then select Recommended Actions and choose Quarantine
  • When updating has finished, close AVG Anti-Spyware.



We will be using this tool in a later step.




Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware, and run a full scan:
  • Click on the default Status ICON and select the Scan now LINK.

    OR

  • Click on the Scanner ICON. Select the Scan TAB.

    • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

  • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

  • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
  • Copy and paste the AVG Anti-Spyware scan results into your next post.
  • Close AVG Anti-Spyware.


REBOOT and Post your latest HijackThis log (using foolyou.exe). And, let us know how your PC is now behaving – any changes in behavior.
__________________
Vincent P

#4 | J-T | 12-01-2007, 05:52 PM

Hi

Thanks for taking the time to do that!!
OK, followed the instructions. No real change in my PC's behaviour (other than taking a bit longer to start up). The popups are still there (don't know if they're meant to be or not). Here is what the AVG scan found:



Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:40:37 12/01/2007

+ Scan result:



HKLM\SOFTWARE\backup\EliteSideBar -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Downloads\PSamNoNeed-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1 -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1\CLSID -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CLSID -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CurVer -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Enum -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Security -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\eied_s7.cab/eied_s7_c_200.exe -> Downloader.Mediket.bc : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.39:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.69:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.156:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.158:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.159:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.54:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.70:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.257:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@ads.guardian.co[2].txt -> TrackingCookie.Co : Cleaned.
:mozilla.34:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.109:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.129:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.139:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.140:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.141:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.146:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.168:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.176:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.186:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.203:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.218:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.241:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.272:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.273:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.277:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.96:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@e-2dj6wfk4wnajcgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@e-2dj6wfkiupdzkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@www.etracker[1].txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.74:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.56:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.47:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2B.tmp -> TrackingCookie.Goclick : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ38.tmp -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@server.iad.livepers on[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.55:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.57:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.162:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.163:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.143:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.144:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@stats1.reliablestat s[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.270:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.213:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.197:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.269:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.164:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.237:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.263:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.193:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1B.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ23.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ25.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2E.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3A.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3B.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3D.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ40.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ44.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ45.tmp -> TrackingCookie.Statcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.122:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.138:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.219:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ43.tmp -> TrackingCookie.Weborama : Cleaned.
:mozilla.148:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.149:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.150:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.151:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.152:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.153:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.154:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.155:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.166:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.167:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.173:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.174:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.175:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.240:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.67:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.73:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\duncan\Cookies\duncan@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ11.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ17.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1A.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1E.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ26.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ28.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2C.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2F.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ31.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ33.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ34.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ35.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ36.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ41.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ46.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ47.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ49.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4C.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4D.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4F.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ51.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ55.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ57.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ58.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5D.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5E.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ62.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ63.tmp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.210:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\ncat902.exe -> Trojan.Agent.fk : Cleaned with backup (quarantined).


::Report end



Here is the latest HJT log:

Logfile of HijackThis v1.98.0
Scan saved at 16:51:48, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis\foolyou.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1127497943045
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127497371343
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/f...utLauncher.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"



and thanks again for your help!!
  #5 (permalink)  
Old 13-01-2007, 03:40 PM
VopThis
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
Re: Popup Help! (with hjt log)

See if the following helps control your popups:

A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
  • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
  • Next select the ‘Open host file manager’ button.
  • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
  • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

    EXCERPT:
    Quote:
    #start of lines added by WinHelp2002
    # [Misc A - Z]
    127.0.0.1 phpadsnew.abac.com
    127.0.0.1 a.abnad.net
    127.0.0.1 e.abnad.net
    127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
    .
    .
    .
    #end of lines added by WinHelp2002



Let us see what is loaded on your PC:
  • Run HijackThis and Click ‘Open the Misc Tools section’ button.
  • Then click the ‘Open Uninstall Manager…’ button.
  • Click the ‘Save list…’ button. Save uninstall_list to your desktop.

  • Open the Uninstall list file and post in your next reply please.


Quote:
Logfile of HijackThis v1.98.0
Your latest HijackThis LOG was run under an older version. Please re-run under v1.99.1.
__________________
Vincent P
