Popup Help! (with hjt log)

  1. 08-01-2007  #1
    J-T
    J-T is offline Newbie

    Popup Help! (with hjt log)

    Hi

    I've tried to search the entries on my log myself, but they seem to be coming up ok, but i still get popups every 2 minutes. I have spybot and ntl antivirus installed, which i keep updated, but it got round them! here is my log, any help is much appreciated

    Logfile of HijackThis v1.99.1
    Scan saved at 14:12:42, on 08/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ntl\ntl Netguard\fws.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\ntl\ntl Netguard\RPS.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1127497943045
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127497371343
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/f...utLauncher.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Client (nwclntd) - Unknown owner - C:\WINDOWS\system32\netclnd.exe (file missing)
  2. 09-01-2007  #2
    J-T
    J-T is offline Newbie
    anyone?
  3. 10-01-2007  #3
    VopThis
    VopThis is offline Senior Member (Canada)
    You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

    It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
    • Create a new folder in your C: Drive.
    • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
    • Run HJT from there (and revise your shortcut accordingly).




    Additionally, please rename 'HijackThis.exe' to 'foolyou.exe' because some infections may hide themselves in the first instance.


    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.




    Download and install AVG Anti-Spyware 7.5 (AVG AS - formally known as Ewido anti-spyware 4.0 - uninstall any previous version first).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run AVG Anti-Spyware
    • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
  4. This is very important to get the LATEST updates.
  5. Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  6. Click on the Scanner ICON at the top of the window
  7. Click on the Settings tab then select Recommended Actions and choose Quarantine
  8. When updating has finished. Close AVG Anti-Spyware.



    9. We will be using this tool in a later step.




    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
    • Click on the default Status ICON and select the Scan now LINK.

      OR

    • Click on the Scanner ICON . Select the Scan TAB.

      • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

    • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
      • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
      • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the AVG Anti-Spyware scan results into your next post.
    • Close AVG Anti-Spyware.


    REBOOT and Post your latest HijackThis log (using foolyou.exe). And, let us know how your PC is now behaving – any changes in behavior.
  • 12-01-2007  #4
    J-T
    J-T is offline Newbie
    Hi

    Thanks for taking the time to do that!!
    Ok, followed the instructions. No real change in my PC's behaviour (other than taking a bit longer to startup). The popups are still there (don't know if they're meant to be or not ). Here is the what the AVG scan found:



    Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:40:37 12/01/2007

    + Scan result:



    HKLM\SOFTWARE\backup\EliteSideBar -> Adware.EliteBar : Cleaned with backup (quarantined).
    C:\Downloads\PSamNoNeed-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1 -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1\CL SID -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CLSI D -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CurV er -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\wasfsd -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Enum -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Secu rity -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
    C:\eied_s7.cab/eied_s7_c_200.exe -> Downloader.Mediket.bc : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.39:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.100:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.101:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.102:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.103:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.104:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.105:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.98:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.99:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.68:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.69:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.35:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.36:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.37:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.156:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.158:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.159:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.54:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.70:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.257:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@ads.guardian.co[2].txt -> TrackingCookie.Co : Cleaned.
    :mozilla.34:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
    :mozilla.109:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.129:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.139:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.140:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.141:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.146:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.168:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.176:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.186:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.203:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.218:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.241:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.272:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.273:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.277:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.96:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@e-2dj6wfk4wnajcgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@e-2dj6wfkiupdzkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@www.etracker[1].txt -> TrackingCookie.Etracker : Cleaned.
    :mozilla.74:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.56:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.47:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2B.tmp -> TrackingCookie.Goclick : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ38.tmp -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@server.iad.livepers on[2].txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.55:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.57:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.162:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.163:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.143:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.144:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@stats1.reliablestat s[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.270:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.213:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.197:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.198:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.199:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.200:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.269:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.164:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.237:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.263:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.193:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.194:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.195:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.196:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ12.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1B.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ23.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ25.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2E.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3A.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3B.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ3D.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ40.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ44.tmp -> TrackingCookie.Statcounter : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ45.tmp -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.134:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.122:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.138:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.219:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ43.tmp -> TrackingCookie.Weborama : Cleaned.
    :mozilla.148:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.149:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.150:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.151:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.152:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.153:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.154:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.155:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.166:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.167:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.173:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.174:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.175:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.240:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.67:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.73:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\duncan\Cookies\duncan@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ11.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ17.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1A.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ1E.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ26.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ28.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2C.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ2F.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ31.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ33.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ34.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ35.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ36.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ41.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ46.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ47.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ49.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4C.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4D.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ4F.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ51.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ55.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ57.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ58.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5D.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ5E.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ62.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ63.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.210:C:\Documents and Settings\duncan\Application Data\Mozilla\Firefox\Profiles\tccs8sm5.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\WINDOWS\ncat902.exe -> Trojan.Agent.fk : Cleaned with backup (quarantined).


    ::Report end



    Here is the lastes HJT log:

    Logfile of HijackThis v1.98.0
    Scan saved at 16:51:48, on 12/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ntl\ntl Netguard\fws.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\HijackThis\foolyou.exe.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1127497943045
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1127497371343
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bal...webinstall.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/c...jolauncher.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/f...utLauncher.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"



    and thanks again for your help!!
  • 13-01-2007  #5
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    See if the following helps control your popups:

    A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
    • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
    • Next select ‘Open host file manager’ button.
    • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
    • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

      EXCERPT:
      #start of lines added by WinHelp2002
      # [Misc A - Z]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
      .
      .
      .
      #end of lines added by WinHelp2002



    Let us see what is loaded on your PC:
    • Run HijackThis and Click ‘Open the Misc Tools section’ button.
    • Then click the ‘Open Uninstall Manager…’ button.
    • Click the ‘Save list…’ button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply please.


    Logfile of HijackThis v1.98.0
    Your latest HijackThis LOG was run under an older version. Please re-run under v1.99.1.
    • + Reply to Thread
    « Spyware | Attacked by trojan!! Help!! »

    Similar Threads