Hello all, I have a problem with spyware at the minute. I downloaded Spybot Search and Destroy, rebooted into safe mode and did the scan. It said all problems had been fixed. When I restarted I found that the popups that were appearing of such things as shopping and dating services now said 'url not found'. Some still came up though.
Any help would be greatly appreciated.
Many thanks,
Kyle

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Have you also tried a virus scan? Try scanning in safe mode again,
empty temp folder,
empty temporary internet files folder. Might try HijackThis: hjt
and save log and paste at:
HijackThis Log file

Thanks, here's the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:13, on 08/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Kyle_2\LOCALS~1\Temp\Rar$EX02.062\ServInfo.exe
C:\asrc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com
O15 - Trusted Zone: www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098731009296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB6E7BF-876D-4715-BE70-337A4831922A}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\m428lefu1h28.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

You are infected with Look2Me spyware.
Next download Look2Me-Destroyer from this link Look2Me-Destroyer
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on. If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Next go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")
Post a new HT log

OK, thank you. I have run through that and here is the new HT logfile:
Logfile of HijackThis v1.99.1
Scan saved at 00:20:48, on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com
O15 - Trusted Zone: www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098731009296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB6E7BF-876D-4715-BE70-337A4831922A}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Looks like you got it.
Run Ht again, close all windows and browsers except HT, place a check to the left of the following item and press "fix checked":
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
Please download ATF-Cleaner from this link
http://www.atribune.org/content/view/19/2/ (we will run it in safe mode later).
Download Ewido Security Suite then set it up this way: Ewido Setup Instructions (we will run it in safe mode later).
Reboot the computer into safe mode by following the directions at this link if you need them: How To Boot into Safe Mode
Run ATF-Cleaner from safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log and an HT log.
I suggest that you uninstall p2p networking because most of them leave an unprotected shared folder on your system that bypasses, with your permission, your antivirus.
Some of the guys and gals around here may know a best way to p2p but I do not.
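
The comparison behind "Looks like you got it", as an added example that is not part of the original thread and not code from HijackThis: it parses HijackThis logs and diffs successive scans, so a reviewer sees which autostart entries and processes changed after each cleanup step. The inputs are shortened excerpts of the three logs posted in this thread; the function names and the `AUTOSTART` grouping are this example's own.

```python
import re
from collections import Counter

# Shortened excerpts of the three HijackThis logs posted in this thread.
LOG_1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:20:13, on 08/04/2006
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Kyle_2\LOCALS~1\Temp\Rar$EX02.062\ServInfo.exe
C:\asrc.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\m428lefu1h28.dll
"""
LOG_2 = r"""Scan saved at 00:20:48, on 09/04/2006
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
"""
LOG_3 = r"""Scan saved at 14:42:59, on 09/04/2006
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Sections that describe code loaded automatically (grouping chosen for this example).
AUTOSTART = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}


def parse_hjt(text):
    """Split a HijackThis log into a process multiset and a set of (code, detail) entries."""
    processes, entries = Counter(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.endswith("Running processes:"):
            # endswith() also copes with the header fused onto the MSIE line.
            in_procs = True
        elif in_procs:
            # Windows paths are case-insensitive: RunDll32.exe == rundll32.exe.
            processes[line.lower()] += 1
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "entries_removed": sorted(b["entries"] - a["entries"]),
        "entries_added": sorted(a["entries"] - b["entries"]),
        "processes_gone": sorted((b["processes"] - a["processes"]).elements()),
        "processes_new": sorted((a["processes"] - b["processes"]).elements()),
    }


def autostart_changes(diff):
    """Keep only the changes in autostart sections, labelled for review."""
    out = []
    for change, key in (("removed", "entries_removed"), ("added", "entries_added")):
        for code, detail in diff[key]:
            if code in AUTOSTART:
                out.append((change, code, AUTOSTART[code], detail))
    return out


if __name__ == "__main__":
    for name, old, new in (("scan 1 -> 2", LOG_1, LOG_2), ("scan 2 -> 3", LOG_2, LOG_3)):
        d = diff_logs(old, new)
        print(name)
        for change in autostart_changes(d):
            print("  autostart %s: %s (%s) %s" % change)
        for p in d["processes_gone"]:
            print("  process gone:", p)
        for p in d["processes_new"]:
            print("  process new: ", p)
```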

Just out of curiosity, I looked through the HJ log file, and didn't see anything about Look2Me spyware... where did you see it?

I've gone through everything there, here is the ewido report file:
ewido anti-malware - Scan report
+ Created on: 14:24:43, 09/04/2006
+ Report-Checksum: BEE041D3
+ Scan result:
HKLM\SOFTWARE\PSGuard.com -> Adware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Adware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Adware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\twaintec -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Cookies\kyle&kelly@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Cookies\kyle&kelly@www.incredifind[2].txt -> TrackingCookie.Incredifind : Cleaned with backup
C:\Documents and Settings\kyle&kelly\Cookies\kyle&kelly@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Epilot : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Kyle_2\Application Data\Mozilla\Firefox\Profiles\0hjiqchd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temporary Internet Files\Content.IE5\KPMVCLIR\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temporary Internet Files\Content.IE5\RD0KONFN\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temporary Internet Files\Content.IE5\RD0KONFN\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temporary Internet Files\Content.IE5\RD0KONFN\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
C:\Documents and Settings\Kyle_2\Local Settings\Temporary Internet Files\Content.IE5\WXURO5E3\105[1].avi -> Adware.Maxifiles : Cleaned with backup
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-2210005112-2695072642-2419647484-500\Dc6\ToolBar888.dll -> Adware.Softomate : Cleaned with backup
C:\WINDOWS\a3lsZSZrZWxseQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\a3lsZSZrZWxseQ\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\repairs303169566.dll -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\Мicrosoft.NET\smss.exe -> Downloader.PurityScan.w : Cleaned with backup
::Report End
And here is the Hijack this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 14:42:59, on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btopenworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [PixAlertMonitor] C:\Program Files\BOS\PixAlert Monitor Home\MCtrlA5-0.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com
O15 - Trusted Zone: www.avsim.com
O15 - Trusted Zone: forums.avsim.net
O15 - Trusted Zone: library.avsim.net
O15 - Trusted Zone: www.avsim.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098731009296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB6E7BF-876D-4715-BE70-337A4831922A}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Many thanks for your patience and helping me, I hope that's it sorted.
Kyle
