tried on my own cant do it need help pls

  1. #1
    vicki36x (Newbie)

    Hi to anyone who reads this. My computer has been driving me mad for ages now. I've read forum after forum. My computer keeps going on a go-slow and crashing. I've downloaded "Ad-Aware" and followed the instructions on that, and I've run Spy Sweeper, and still it goes slow. I use AVG anti-virus: I scan, it shows viruses and "heals them", I run the scan again and they are there again. It puts some into quarantine; what should be done with them after that? I'm not brilliant with computers when they don't do what I expect, so I thank anyone in advance who may be able to help me out with this, because the kids are driving me mad to get the computer fixed.
    ArchiveData(auto-quarantine- 2005-10-23 16-58-02.bckp)
    Referencefile : SE1R71 19.10.2005
    ======================================================

    MRU LIST
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=MRU FileReference : C:\Documents and Settings\Ray\recent\Picture 5.lnk
    obj[1]=MRU FileReference : C:\Documents and Settings\Ray\recent\Picture 4.lnk
    obj[2]=MRU FileReference : C:\Documents and Settings\Ray\recent\Pictures and Videos.lnk
    obj[3]=MRU FileReference : C:\Documents and Settings\Ray\recent\vicki.lnk
    obj[4]=MRU FileReference : C:\Documents and Settings\Ray\recent\Unused Desktop Shortcuts.lnk
    obj[6]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
    obj[7]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
    obj[8]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
    obj[9]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
    obj[10]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    obj[11]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
    obj[12]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
    obj[13]=MRU RegReference : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows media\wmsdk\general computername
    This is the log from Ad-Aware, which I did today. Does it tell anyone anything? Thank you if anyone can help me.

  2. #2
    Neal (Dedicated Member)
    Hi there, welcome to DAL.

    Download the new version of HijackThis here:
    http://www.thatcomputerguy.us/downloads-cat4.html
    or here:
    http://majorgeeks.com/download3155.html

    Please put your HJT in a folder. Create a folder HJT such as C:\HJT or C:\Program Files\HJT. Copy or drag-and-drop the HijackThis program to the newly created folder. Then make or alter the shortcut to the HJT program.

    Notepad will open up and results of scan will be there, copy and paste that into your next reply. Thanks.

  3. #3
    vicki36x (Newbie)
    This is the log from the download for HijackThis. I have gone no further than putting this here. Thank you for taking the time to reply.
    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:34 AM, on 10/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\msconfigx32.exe
    C:\WINDOWS\System32\Drivxp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ray\Desktop\hijackthis1991.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe
    O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\exe82.exe
    O4 - HKLM\..\Run: [Winxp update] Drivxp.exe
    O4 - HKLM\..\Run: [Piuoxyul] C:\Program Files\Fehdx\Yeitw.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/6512bd/games...ploader_v6.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AAF1D460-6253-465A-BA69-2BCC68D179F5}: NameServer = 212.74.114.129 212.74.114.193
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  4. #4
    Neal (Dedicated Member)
    Welcome to DAL,


    Please download, install, update and scan your system with the free version of Ewido trojan scanner: http://www.ewido.net/en/download/

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

  5. #5
    vicki36x (Newbie)
    I am now running the Ewido scan, but to check first: I didn't do anything with HijackThis except run the scan and post the report in here. I will now follow the instructions in the last post.

  6. #6
    vicki36x (Newbie)
    Here are the logs that you asked for. Again, thank you, Neal, for your help in this.
    ---------------------------------------------------------
    ewido security suite - Process report
    ---------------------------------------------------------

    + Created on: 5:33:44 PM, 10/24/2005
    + Report-Checksum: 7E4898A8

    0: System Process
    4: System Process
    184: C:\PROGRA~1\Webshots\webshots.scr
    292: \SystemRoot\System32\smss.exe
    348: \??\C:\WINDOWS\system32\csrss.exe
    376: \??\C:\WINDOWS\system32\winlogon.exe
    424: C:\WINDOWS\system32\services.exe
    436: C:\WINDOWS\system32\lsass.exe
    588: C:\WINDOWS\system32\svchost.exe
    612: C:\WINDOWS\System32\svchost.exe
    684: C:\WINDOWS\System32\svchost.exe
    700: C:\WINDOWS\System32\svchost.exe
    796: C:\WINDOWS\System32\wuauclt.exe
    972: C:\WINDOWS\system32\spoolsv.exe
    976: C:\WINDOWS\Explorer.EXE
    1080: C:\WINDOWS\System32\alg.exe
    1104: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    1232: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    1256: C:\WINDOWS\system32\cisvc.exe
    1288: C:\Program Files\Executive Software\Diskeeper\DkService.exe
    1344: C:\Program Files\ewido\security suite\ewidoctrl.exe
    1392: C:\WINDOWS\System32\svchost.exe
    1428: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    1440: C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    1484: C:\Program Files\Logitech\Video\LogiTray.exe
    1516: C:\WINDOWS\System32\msconfigx32.exe
    1560: C:\WINDOWS\System32\Drivxp.exe
    1584: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    1592: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    1680: C:\Program Files\Spyware Doctor\swdoctor.exe
    1772: C:\Program Files\MSN Messenger\MsnMsgr.Exe
    1816: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    1832: C:\WINDOWS\System32\wdfmgr.exe
    1936: C:\WINDOWS\System32\LVComS.exe
    1984: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    2348: C:\WINDOWS\System32\wuauclt.exe
    3160: C:\WINDOWS\system32\cidaemon.exe
    3272: C:\Program Files\ewido\security suite\SecuritySuite.exe
    And this is the 2nd run log from HijackThis, which I still haven't done anything with, as I am unsure which boxes to check in case it deletes something I need.
    Logfile of HijackThis v1.99.1
    Scan saved at 5:34:54 PM, on 10/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\msconfigx32.exe
    C:\WINDOWS\System32\Drivxp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Ray\Desktop\hijackthis1991.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe
    O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\exe82.exe
    O4 - HKLM\..\Run: [Winxp update] Drivxp.exe
    O4 - HKLM\..\Run: [Piuoxyul] C:\Program Files\Fehdx\Yeitw.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/6512bd/games...ploader_v6.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...08/mcfscan.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  7. #7
    Neal (Dedicated Member)
    On the Ewido scan did you click "full system scan"?

    Did you check for updates before scanning with Ewido?

    Ewido shows it did not find anything.

    If you didn't do those above please re-scan with ewido. Thanks

  8. #8
    vicki36x (Newbie)
    Hi Neal, I have tried a lot more scans but done no repairs, to see if this tells you more about what's happening. I can only post 1 log in here at 1 time, so I will put them all in separate threads. Once again, thank you for taking your time to try and help me. Also, I have to run these scans every day to get the computer to run half decent. All except HijackThis repair automatically; HijackThis asks if I'm sure, as it may delete objects. I don't know what is safe to delete?
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 7:47:06 PM, 10/26/2005
    + Report-Checksum: 7DC48EF4

    + Scan result:

    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\5APUV5T7\v3cab[1].cab/v3.dll -> Spyware.EliteBar : Ignored
    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\XBZBHQFF\goaway[1].exe -> Trojan.LowZones.ct : Ignored
    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\XBZBHQFF\mmxxxxmas2[1].exe -> TrojanDownloader.VB.jl : Ignored
    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\XBZBHQFF\avatarz[1].exe -> Trojan.LowZones.cf : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@adviva[2].txt -> Spyware.Cookie.Adviva : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@advertising[2].txt -> Spyware.Cookie.Advertising : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@revenue[2].txt -> Spyware.Cookie.Revenue : Ignored
    C:\Documents and Settings\Ray\Cookies\ray@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
    C:\goaway.exe -> Trojan.LowZones.ct : Ignored
    C:\avatarz.exe -> Trojan.LowZones.cf : Ignored
    C:\mmxxxxmas2.exe -> TrojanDownloader.VB.jl : Ignored


    ::Report End

  9. #9
    vicki36x (Newbie)
    This is the Ad-Aware log.
    Ad-Aware SE Build 1.06r1
    Logfile Created on:Wednesday, October 26, 2005 6:19:46 PM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R72 26.10.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):16 total references
    Possible Browser Hijack attempt(TAC index:3):2 total references
    Tracking Cookie(TAC index:3):16 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Definition File:
    =========================
    Definitions File Loaded:
    Reference Number : SE1R71 19.10.2005
    Internal build : 83
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 536446 Bytes
    Total size : 1605851 Bytes
    Signature data size : 1572346 Bytes
    Reference data size : 32993 Bytes
    Signatures total : 44624
    CSI Fingerprints total : 1056
    CSI data size : 37714 Bytes
    Target categories : 15
    Target families : 763

    10-26-2005 6:17:47 PM Performing WebUpdate...

    Installing Update...
    Definitions File Loaded:
    Reference Number : SE1R72 26.10.2005
    Internal build : 84
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 539750 Bytes
    Total size : 1615006 Bytes
    Signature data size : 1581460 Bytes
    Reference data size : 33034 Bytes
    Signatures total : 44876
    CSI Fingerprints total : 1056
    CSI data size : 37714 Bytes
    Target categories : 15
    Target families : 765


    10-26-2005 6:18:37 PM Success
    Update successfully downloaded and installed.


    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:17 %
    Total physical memory:114160 kb
    Available physical memory:18556 kb
    Total page file size:362528 kb
    Available on page file:50064 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2046332 kb
    OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Search for low-risk threats
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Obtain command line of scanned processes
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Write-protect system files after repair (Hosts file, etc.)
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    10-26-2005 6:19:46 PM - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Ray\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-21-583907252-1935655697-854245398-1004\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    ModuleName : \SystemRoot\System32\smss.exe
    Command Line : n/a
    ProcessID : 300
    ThreadCreationTime : 10-26-2005 4:19:55 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    ModuleName : \??\C:\WINDOWS\system32\csrss.exe
    Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
    ProcessID : 356
    ThreadCreationTime : 10-26-2005 4:20:05 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
    Command Line : winlogon.exe
    ProcessID : 380
    ThreadCreationTime : 10-26-2005 4:20:08 PM
    BasePriority : High


    #:4 [services.exe]
    ModuleName : C:\WINDOWS\system32\services.exe
    Command Line : C:\WINDOWS\system32\services.exe
    ProcessID : 424
    ThreadCreationTime : 10-26-2005 4:20:10 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    ModuleName : C:\WINDOWS\system32\lsass.exe
    Command Line : C:\WINDOWS\system32\lsass.exe
    ProcessID : 436
    ThreadCreationTime : 10-26-2005 4:20:10 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    ModuleName : C:\WINDOWS\system32\svchost.exe
    Command Line : C:\WINDOWS\system32\svchost -k rpcss
    ProcessID : 608
    ThreadCreationTime : 10-26-2005 4:20:13 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
    ProcessID : 632
    ThreadCreationTime : 10-26-2005 4:20:14 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
    ProcessID : 748
    ThreadCreationTime : 10-26-2005 4:20:17 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
    ProcessID : 772
    ThreadCreationTime : 10-26-2005 4:20:17 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [explorer.exe]
    ModuleName : C:\WINDOWS\Explorer.EXE
    Command Line : C:\WINDOWS\Explorer.EXE
    ProcessID : 988
    ThreadCreationTime : 10-26-2005 4:20:23 PM
    BasePriority : Normal
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:11 [spoolsv.exe]
    ModuleName : C:\WINDOWS\system32\spoolsv.exe
    Command Line : C:\WINDOWS\system32\spoolsv.exe
    ProcessID : 996
    ThreadCreationTime : 10-26-2005 4:20:23 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
    ProductVersion : 5.1.2600.1699
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [alg.exe]
    ModuleName : C:\WINDOWS\System32\alg.exe
    Command Line : C:\WINDOWS\System32\alg.exe
    ProcessID : 1096
    ThreadCreationTime : 10-26-2005 4:20:25 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:13 [cisvc.exe]
    ModuleName : C:\WINDOWS\system32\cisvc.exe
    Command Line : C:\WINDOWS\system32\cisvc.exe
    ProcessID : 1260
    ThreadCreationTime : 10-26-2005 4:20:30 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Content Index service
    InternalName : cisvc.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : cisvc.exe

    #:14 [dkservice.exe]
    ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
    Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
    ProcessID : 1288
    ThreadCreationTime : 10-26-2005 4:20:32 PM
    BasePriority : Normal
    FileVersion : 9.0.532.0
    ProductVersion : 9.0.532.0
    ProductName : Diskeeper (TM) Disk Defragmenter
    CompanyName : Executive Software International, Inc.
    FileDescription : DKSERVICE.EXE
    InternalName : DKSERVICE
    LegalCopyright : © 1995-2005 Executive Software Int'l, Inc.
    OriginalFilename : DKSERVICE

    #:15 [ewidoctrl.exe]
    ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
    Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
    ProcessID : 1340
    ThreadCreationTime : 10-26-2005 4:20:37 PM
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : ewido control
    CompanyName : ewido networks
    FileDescription : ewido control
    InternalName : ewido control
    LegalCopyright : Copyright © 2004
    OriginalFilename : ewidoctrl.exe

    #:16 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
    ProcessID : 1400
    ThreadCreationTime : 10-26-2005 4:20:38 PM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:17 [wrsssdk.exe]
    ModuleName : C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    Command Line : "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe"
    ProcessID : 1432
    ThreadCreationTime : 10-26-2005 4:20:39 PM
    BasePriority : Normal
    FileVersion : 2,0,3,364
    ProductVersion : 2, 0
    ProductName : Spy Sweeper SDK
    CompanyName : Webroot Software, Inc.
    FileDescription : Spy Sweeper SDK
    LegalCopyright : Copyright (C) 2002 - 2005, All Rights Reserved.
    LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
    OriginalFilename : SpySweeper.exe

    #:18 [jusched.exe]
    ModuleName : C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    Command Line : "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe"
    ProcessID : 1440
    ThreadCreationTime : 10-26-2005 4:20:40 PM
    BasePriority : Normal


    #:19 [logitray.exe]
    ModuleName : C:\Program Files\Logitech\Video\LogiTray.exe
    Command Line : "C:\Program Files\Logitech\Video\LogiTray.exe"
    ProcessID : 1448
    ThreadCreationTime : 10-26-2005 4:20:41 PM
    BasePriority : Normal
    FileVersion : 8.1.5.1016
    ProductVersion : 8.1.5.1016
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : ImageStudio Tray Application
    InternalName : LogiTray.exe
    LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
    OriginalFilename : LogiTray.exe

    #:20 [msconfigx32.exe]
    ModuleName : C:\WINDOWS\System32\msconfigx32.exe
    Command Line : "C:\WINDOWS\System32\msconfigx32.exe"
    ProcessID : 1460
    ThreadCreationTime : 10-26-2005 4:20:42 PM
    BasePriority : Normal

  10. #10
    vicki36x is offline Newbie
    #:21 [drivxp.exe]
    ModuleName : C:\WINDOWS\System32\Drivxp.exe
    Command Line : "C:\WINDOWS\System32\Drivxp.exe"
    ProcessID : 1500
    ThreadCreationTime : 10-26-2005 4:20:43 PM
    BasePriority : Normal


    #:22 [spysweeper.exe]
    ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    ProcessID : 1604
    ThreadCreationTime : 10-26-2005 4:20:49 PM
    BasePriority : Normal
    FileVersion : 4,5,3,560
    ProductVersion : 4, 5
    ProductName : Spy Sweeper
    CompanyName : Webroot Software, Inc.
    FileDescription : Spy Sweeper Client Executable
    LegalCopyright : Copyright (C) 2002 - 2005, All Rights Reserved.
    OriginalFilename : SpySweeper.exe

    #:23 [swdoctor.exe]
    ModuleName : C:\Program Files\Spyware Doctor\swdoctor.exe
    Command Line : "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    ProcessID : 1640
    ThreadCreationTime : 10-26-2005 4:20:50 PM
    BasePriority : Normal
    FileVersion : 3.2.1.359
    ProductVersion : 3.1
    ProductName : Spyware Doctor
    CompanyName : PCTools
    FileDescription : Spyware Doctor
    InternalName : Spyware Doctor
    LegalCopyright : Copyright (c) 2004. Distributed by PC Tools Pty Ltd
    OriginalFilename : swdr.exe

    #:24 [msnmsgr.exe]
    ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
    Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    ProcessID : 1760
    ThreadCreationTime : 10-26-2005 4:20:53 PM
    BasePriority : Normal
    FileVersion : 7.5.0306
    ProductVersion : 7.5.0306
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

    #:25 [backweb-8876480.exe]
    ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
    ProcessID : 1800
    ThreadCreationTime : 10-26-2005 4:20:57 PM
    BasePriority : Normal


    #:26 [wdfmgr.exe]
    ModuleName : C:\WINDOWS\System32\wdfmgr.exe
    Command Line : C:\WINDOWS\System32\wdfmgr.exe
    ProcessID : 1812
    ThreadCreationTime : 10-26-2005 4:20:57 PM
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:27 [dslmon.exe]
    ModuleName : C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    Command Line : "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" /W
    ProcessID : 1932
    ThreadCreationTime : 10-26-2005 410 PM
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : DSLMON Application
    FileDescription : ADIMON MFC Application
    InternalName : DSLMON
    LegalCopyright : Copyright (C) 2000
    OriginalFilename : ADIMON.EXE

    #:28 [lvcoms.exe]
    ModuleName : C:\WINDOWS\System32\LVComS.exe
    Command Line : C:\WINDOWS\System32\LVComS.exe -Embedding
    ProcessID : 1940
    ThreadCreationTime : 10-26-2005 411 PM
    BasePriority : Normal
    FileVersion : 8.0.3.1110
    ProductVersion : 8.0.3.1110
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : LVCom Server
    InternalName : LVComS.exe
    LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
    OriginalFilename : LVComS.exe

    #:29 [webshots.scr]
    ModuleName : C:\PROGRA~1\Webshots\webshots.scr
    Command Line : C:\PROGRA~1\Webshots\webshots.scr /t
    ProcessID : 140
    ThreadCreationTime : 10-26-2005 421 PM
    BasePriority : Normal
    FileVersion : 2.2.0.4644
    ProductVersion : 2.2.0.4644
    ProductName : The Webshots Desktop
    CompanyName : Webshots.com
    FileDescription : Webshots Photo Manager
    InternalName : Webshots2
    LegalCopyright : Copyright (C) 2004
    OriginalFilename : Webshots2.SCR

    #:30 [wuauclt.exe]
    ModuleName : C:\WINDOWS\System32\wuauclt.exe
    Command Line : "C:\WINDOWS\System32\wuauclt.exe"
    ProcessID : 2560
    ThreadCreationTime : 10-26-2005 4:24:55 PM
    BasePriority : Normal
    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion : 5.8.0.2469
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Automatic Updates
    InternalName : wuauclt.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wuauclt.exe

    #:31 [cidaemon.exe]
    ModuleName : C:\WINDOWS\system32\cidaemon.exe
    Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1260l
    ProcessID : 3556
    ThreadCreationTime : 10-26-2005 4:28:26 PM
    BasePriority : Idle
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Indexing Service filter daemon
    InternalName : cidaemon.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : cidaemon.exe

    #:32 [avgupsvc.exe]
    ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    ProcessID : 3732
    ThreadCreationTime : 10-26-2005 4:30:32 PM
    BasePriority : Normal
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    ProductName : AVG 7.0 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

    #:33 [avgamsvr.exe]
    ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    ProcessID : 3768
    ThreadCreationTime : 10-26-2005 4:30:43 PM
    BasePriority : Normal
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : avgamsvr.EXE

    #:34 [avgcc.exe]
    ModuleName : C:\Program Files\Grisoft\AVG Free\avgcc.exe
    Command Line : "C:\Program Files\Grisoft\AVG Free\avgcc.exe" /STARTUP
    ProcessID : 3816
    ThreadCreationTime : 10-26-2005 4:30:55 PM
    BasePriority : Normal
    FileVersion : 7,1,0,287
    ProductVersion : 7.1.0.287
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : AvgCC.EXE

    #:35 [avgemc.exe]
    ModuleName : C:\Program Files\Grisoft\AVG Free\avgemc.exe
    Command Line : "C:\Program Files\Grisoft\AVG Free\avgemc.exe"
    ProcessID : 3832
    ThreadCreationTime : 10-26-2005 4:30:55 PM
    BasePriority : Normal
    FileVersion : 7,1,0,286
    ProductVersion : 7.1.0.286
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG E-Mail Scanner
    InternalName : avgemc
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : avgemc.exe

    #:36 [securitysuite.exe]
    ModuleName : C:\Program Files\ewido\security suite\SecuritySuite.exe
    Command Line : "C:\Program Files\ewido\security suite\SecuritySuite.exe"
    ProcessID : 2236
    ThreadCreationTime : 10-26-2005 5:10:59 PM
    BasePriority : Normal
    FileVersion : 3, 5, 0, 0
    ProductVersion : 3, 5, 0, 0
    ProductName : ewido security suite
    CompanyName : ewido networks
    FileDescription : security suite
    InternalName : GuiLoader
    LegalCopyright : © 2003 ewido networks
    OriginalFilename : SecuritySuite.exe

    #:37 [ad-aware.exe]
    ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
    ProcessID : 3096
    ThreadCreationTime : 10-26-2005 5:11:20 PM
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 16


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 16


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Trusted zone presumably compromised : media-motor.net

    Possible Browser Hijack attempt Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 0
    Category : Vulnerability
    Comment : Trusted zone presumably compromised : media-motor.net
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
    Trusted zone presumably compromised : popuppers.com

    Possible Browser Hijack attempt Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 0
    Category : Vulnerability
    Comment : Trusted zone presumably compromised : popuppers.com
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 18


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@tribalfusion[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:5
    Value : Cookie:ray@tribalfusion.com/
    Expires : 1-1-2038 1:00:00 AM
    LastSync : Hits:5
    UseCount : 0
    Hits : 5

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@advertising[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:18
    Value : Cookie:ray@advertising.com/
    Expires : 10-25-2010 5:11:14 PM
    LastSync : Hits:18
    UseCount : 0
    Hits : 18

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@live365[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:7
    Value : Cookie:ray@live365.com/
    Expires : 10-27-2010 6:07:26 PM
    LastSync : Hits:7
    UseCount : 0
    Hits : 7

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@atdmt[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:7
    Value : Cookie:ray@atdmt.com/
    Expires : 10-25-2010 1:00:00 AM
    LastSync : Hits:7
    UseCount : 0
    Hits : 7

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@as1.falkag[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:33
    Value : Cookie:ray@as1.falkag.de/
    Expires : 11-25-2005 5:09:58 PM
    LastSync : Hits:33
    UseCount : 0
    Hits : 33

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@adviva[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:11
    Value : Cookie:ray@adviva.net/
    Expires : 9-30-2010 5:10:06 PM
    LastSync : Hits:11
    UseCount : 0
    Hits : 11

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@doubleclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:8
    Value : Cookie:ray@doubleclick.net/
    Expires : 10-25-2008 12:02:50 AM
    LastSync : Hits:8
    UseCount : 0
    Hits : 8

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@revenue[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:ray@revenue.net/
    Expires : 6-10-2022 6:05:42 AM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@hg1.hitbox[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:ray@hg1.hitbox.com/
    Expires : 10-24-2006 11:34:48 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@hitbox[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:ray@hitbox.com/
    Expires : 10-24-2006 11:34:48 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@servedby.advertising[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:11
    Value : Cookie:ray@servedby.advertising.com/
    Expires : 11-25-2005 5:11:14 PM
    LastSync : Hits:11
    UseCount : 0
    Hits : 11

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@ran.popuppers[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:9
    Value : Cookie:ray@ran.popuppers.com/
    Expires : 10-27-2005 4:58:48 PM
    LastSync : Hits:9
    UseCount : 0
    Hits : 9

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@casalemedia[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:3
    Value : Cookie:ray@casalemedia.com/
    Expires : 10-15-2006 2:47:50 PM
    LastSync : Hits:3
    UseCount : 0
    Hits : 3

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@statcounter[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:ray@statcounter.com/
    Expires : 10-23-2010 9:03:24 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@questionmarket[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:ray@questionmarket.com/
    Expires : 12-17-2006 7:19:52 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : ray@bluestreak[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:ray@bluestreak.com/
    Expires : 10-24-2015 10:45:56 AM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 16
    Objects found so far: 34



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 34


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 34




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 34

    6:33:01 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:13:15.163
    Objects scanned:87250
    Objects identified:18
    Objects ignored:0
    New critical objects:18
