My Internet Explorer is acting funny. Need help
Hi,
When I open a couple of pages it always crashes or something weird happens & I can't open more pages, then appears the "IE has encountered a problem...." thingy...
Plus whenever I try to go to www.msn.com or www.yahoo.com it directs me to (newshot.ru)
Spy-bot didn't find anything, Ad-aware didn't find anything & also Norton Anti-virus didn't find anything... still got the same problem.
Also some of the other funny things that happen in my IE: whenever I restart my PC, the proxy settings become enabled, I have to switch it off every time I start my PC (PS: my net connection doesn't need proxy)... Also when I open 10+ IE windows sometimes the right-click menu doesn't appear unless I close 1 or more IE windows.
I'm gonna post the errors, the "File, Edit, View, etc." menu is not there & when you right click you don't get all of the commands (Open, Explore, etc.)
Logfile of HijackThis v1.99.1
Scan saved at 7:41:44 AM, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Documents and Settings\User\NvTempLogger.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mess.be/windows-live-messenger-invites.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: YSIGet Browser Helper Object - {FCF9FD72-694D-411f-A322-D002CB13735F} - C:\Program Files\YSIGet\YSIGet.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: nvtemplogger.lnk = C:\Documents and Settings\User\NvTempLogger.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....viewpoint.com/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/p...s/GSManager.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://officeint.microsoft.com/offi...ntent/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com...es/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1121540730156
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://www.advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1013642.exe
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OC...ClientNoMFC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com...ex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Get hoster here: http://www.funkytoad.com/download/hoster.zip
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.

We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
[keep if you set this one up or use this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mess.be/windows-live-messenger-invites.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....viewpoint.com/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://www.advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1013642.exe
Make sure that all browser windows and internet links are closed, even this one!
CLICK 'FIX CHECKED' with HijackThis.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

The proxy problem is still there...
Logfile of HijackThis v1.99.1
Scan saved at 6:23:48 PM, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mess.be/windows-live-messenger-invites.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1107
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: YSIGet Browser Helper Object - {FCF9FD72-694D-411f-A322-D002CB13735F} - C:\Program Files\YSIGet\YSIGet.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MySecretFolder\MSF32.dll,Start
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://officeint.microsoft.com/offic...tent/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121540730156
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCX...lientNoMFC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/...x/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Your proxy server issue may have something to do with running P2P applications:
warez.exe | SP2ConnPatcher.exe (warez related) | BitLord.exe
Additionally, content acquired from such sites can potentially make you one download away from serious infections and/or mischief. I would suggest uninstalling them, for now, at least.
Let's see what the following scans may identify:

Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button.
This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
REBOOT.

Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
Scan Options:
- Scan Archives
- Scan Mail Bases
Click OK
Now under select a target to scan:
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
Post a revised HJT log if you or EWIDO made any changes/fixes.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:57:12 PM, 19/01/2006
+ Report-Checksum: 2CB3FA3E
+ Scan result:
HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-842925246-926492609-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-842925246-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-842925246-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{208E7E77-507A-4649-B0C9-D39E9049C7A2} -> Spyware.Give4Free : Cleaned with backup
HKU\S-1-5-21-842925246-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\data -> Downloader.IstBar.kc : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ad.adocean[1].txt -> Spyware.Cookie.Adocean : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adbrite.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bilbo.counted[1].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@count.xhit[2].txt -> Spyware.Cookie.Xhit : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wfkiclc5kkq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wflialdjaho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wfloqnc5cao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wjlokod5ohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wjlyejcjcbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wjmiogczwdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@e-2dj6wjnyoldpmbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@journalregistercompany.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@metacafe.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@msninvite.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@msnportal.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@msnservices.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@reduxads.valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@stat.onestat[1].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@www.adbrite[2].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Cookies\user@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Del3BA.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\delwbi.tmp -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\res3B3.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\81QCNIZB\azesearch4[1].dll -> Spyware.AzSearch : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KL6R0XIV\get_19810_Ewido.Security.Suite.Plus.v3.0_crack[1].htm -> Downloader.IstBar.u : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OHEJ4LUB\get_48892_Ewido.Security.Suite.3.5_crack[1].htm -> Downloader.IstBar.u : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OHEJ4LUB\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\YLQNC5AP\search[6].htm -> Downloader.IstBar.u : Cleaned with backup
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe -> Not-A-Virus.NetTool.Win32.CalcDNet.d : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060116-175945-321.dll -> Dialer.Generic : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060116-175945-813.dll -> Dialer.VB.j : Cleaned with backup
C:\WINDOWS\azesearch4.dll -> Spyware.AzSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\221258__.exe263 -> Trojan.Dialer.li : Cleaned with backup
C:\WINDOWS\system32\azesearch4.ocx -> Spyware.AzSearch : Cleaned with backup
C:\WINDOWS\ys.exe -> Downloader.IstBar.kc : Cleaned with backup
D:\Downloads\msn\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Cleaned with backup
G:\Downloads\Archives\MSN Pass.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Error during cleaning
::Report End
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 20, 2006 01:57:44
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/01/2006
Kaspersky Anti-Virus database records: 171921
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 74535
Number of viruses found: 23
Number of infected objects: 108
Number of suspicious objects: 2
Duration of the scan process: 4591 sec
Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTDownloader.zip/iinstall.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTDownloader.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OHEJ4LUB\crackdb[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe Infected: not-a-virus:NetTool.Win32.Calc-DNet.d
C:\Program Files\Norton AntiVirus\Quarantine\221127E9.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\41E5163F.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\41F5682D.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\426151B6.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\42647BB3.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\426B4FAC.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\426B4FAC.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\426B4FAC.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\426B4FAC.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\426B4FAC.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\439079CE.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\PC Acme\view.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014885.exe Infected: Trojan-PSW.Win32.Misos
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014907.exe Infected: Trojan-PSW.Win32.Misos
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/view.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/file2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.63
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/file.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/key.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/key2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/keynt.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/reg.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/reg2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/reg.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe/hook.dll Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014915.exe Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/view.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/file2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.63
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/file.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/key.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/key2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/keynt.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/reg.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/reg2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/reg.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe/hook.dll Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP47\A0014916.exe Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP54\A0019102.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP55\A0019222.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP55\A0019222.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP55\A0019222.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP55\A0019222.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP61\A0022534.exe Infected: not-a-virus:PSWTool.Win32.Messen.104
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023532.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023533.sys Infected: not-a-virus:Monitor.Win32.PCAcme.63
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023534.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023582.dll Infected: not-a-virus:Monitor.Win32.PCAcme.61
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023597.exe Infected: not-a-virus:NetTool.Win32.Calc-DNet.d
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023598.dll Infected: not-a-virus:Porn-Dialer.Win32.Creazione.v
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023599.dll Infected: not-a-virus:Porn-Dialer.Win32.VB.j
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023600.dll Infected: not-a-virus:AdWare.Win32.AzSearch.c
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023601.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023602.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023602.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023602.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023602.exe Infected: Trojan-Downloader.Win32.IstBar.kc
D:\System Volume Information\_restore{1AB36CFD-7409-41AB-929A-294209DDB91E}\RP62\A0023603.exe Infected: not-a-virus:PSWTool.Win32.Messen.104
G:\Downloads\Archives\MSN Pass.zip/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.104
G:\Downloads\Archives\MSN Pass.zip Infected: not-a-virus:PSWTool.Win32.Messen.104
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/control.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/view.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/mapper.exe Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/file2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.63
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/file.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/key.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/key2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/keynt.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/reg.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/reg2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/reg.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe/hook.dll Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip/pcacme.exe Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Acme Net v6.4.zip Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/view.exe Infected: not-a-virus:Monitor.Win32.PCAcme.64
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/file2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.63
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/file.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/key.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/key2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/keynt.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/reg.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/reg2k.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/reg.vxd Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe/hook.dll Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip/pcacme.exe Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Archives\PC Activity Monitor v6.4.zip Infected: not-a-virus:Monitor.Win32.PCAcme.61
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewDotNet
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.180Solutions
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CE-DP Stealer v4.0.exe Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewDotNet
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.180Solutions
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer
G:\Downloads\Programs\CEDP-Stealer-Setup.exe Infected: not-a-virus:AdWare.Win32.WebHancer
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 2:02:47 AM, on 20/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\EvilLyrics\EvilLyrics.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mess.be/windows-live-messenger-invites.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YSIGet\YSIGet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: YSIGet Browser Helper Object - {FCF9FD72-694D-411f-A322-D002CB13735F} - C:\Program Files\YSIGet\YSIGet.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MySecretFolder\MSF32.dll,Start
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: YSIGet it! - C:\Program Files\YSIGet\wgbho.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://officeint.microsoft.com/offic...tent/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121540730156
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCX...lientNoMFC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7006435-6D08-48BF-A8B3-9E14E662340C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Download and run the freeware system optimization and privacy tool: CCleaner (Crap Cleaner) http://www.ccleaner.com/ccdownload.asp
It removes unnecessary junk from your computer allowing it to run more efficiently and securely.
You may get more optimal cleaning if you run it in SAFEMODE – while rebooting and at the beep keep tapping the F8 key.
Once installed, you will notice an Online Help link at the bottom left. An Updates checking link is provided at the bottom right.
When first run in its DEFAULT opening setup – Cleaner Settings (Windows TAB is selected):
Uncheck ‘Cookies’ option (advisable).
Click the ‘Analyse’ button.
Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.
Boot into SAFE MODE (tapping F8 key when you hear the beep)
Clean up the quarantine areas for SpyBot and Norton AV - recommended.
DELETE FILES:
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe
DELETE FOLDERS:
C:\Program Files\PC Acme
G:\Downloads\Archives\MSN Pass.zip
G:\Downloads\Archives\PC Acme Net v6.4.zip
G:\Downloads\Archives\PC Activity Monitor v6.4.zip
G:\Downloads\Programs\CE-DP Stealer v4.0.exe
G:\Downloads\Programs\CEDP-Stealer-Setup.exe
POST A REVISED HIJACKTHIS LOG for review:
Re-run Kaspersky and post the current log.
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

Thanx 4 da help first, but well, after I restarted my PC I got a new problem; this appears when da PC switches on:
"Pri Master Hard Disk: S.M.A.R.T. Status BAD, Backup & Replace"
Press "F4" to resume
Then after some time the mouse disappears. I don't know if it's related, but I can't post the log since I can't see my mouse... any help?? Is it serious?