unwanted desktop items and nonsense homepage address change



hubavaiK
2006-02-15, 22:50
Hello,

Please read my original post here (http://forums.spybot.info/showthread.php?t=2450)

I've followed the instructions of Tashi and so here I am with my HJT log.

Thanks very much for your help in advance!

Hubavai
____________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:42:28 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
E:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Windows Defender\MSASCui.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\hubavai\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ljotzyvsesutzdzveov.net/ytd80z2v8h4cPEcmVrfuW1mnhDbadeMBk1EB_bZ_VK3FKlxlL1P8SLIga0uRrFKm.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xjiziuhkjayhwprmtudxkbvb.com/ytd80z2v8h7oYPex/KynrOkQOmb83dqU94eIWI3ouWc.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE6A10DC-E9B0-F3AD-B6BE-4F650CBE768D} - C:\DOCUME~1\hubavai\APPLIC~1\AUDIOT~1\ooze htm.exe
O2 - BHO: (no name) - {F5A9E57A-746E-F7F5-E087-5483C86BEE41} - C:\DOCUME~1\hubavai\APPLIC~1\AUDIOT~1\ooze htm.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Body File Warn Meta] C:\Documents and Settings\All Users\Application Data\BIKE PILE BODY FILE\Helpgram.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [loglinkblehcopy] C:\Documents and Settings\All Users\Application Data\BITSDENTLOGLINK\audio remote.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [locks ref] C:\DOCUME~1\hubavai\APPLIC~1\CDROML~1\Dupe Remote Download.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

steamwiz
2006-02-16, 00:12
Hi

First put hijackthis into a permanent folder... here's how :-

Please do this first - go to C: and create a new permanent folder (call it hijackthis) ... Then put (or download - choose "save" not "run") the hijackthis.exe file in it (you must unzip it if it's zipped) ... so you have C:\hijackthis\hijackthis.exe ... then run hijackthis by clicking this .exe file - that way you will have backups if you accidentally remove the wrong item (running from a temporary folder it will not be able to create backups). Click Do a system scan and save a logfile.

Disconnect from the internet. Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below ... when all are ticked (checked) click the Fix Checked button at the bottom :-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ljotzyvsesutzdzveov.net/y...Iga0uRrFKm.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xjiziuhkjayhwprmtudxkbvb....4eIWI3ouWc.htm

O2 - BHO: (no name) - {AE6A10DC-E9B0-F3AD-B6BE-4F650CBE768D} - C:\DOCUME~1\hubavai\APPLIC~1\AUDIOT~1\ooze htm.exe
O2 - BHO: (no name) - {F5A9E57A-746E-F7F5-E087-5483C86BEE41} - C:\DOCUME~1\hubavai\APPLIC~1\AUDIOT~1\ooze htm.exe

O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\BIKE PILE BODY FILE\Helpgram.exe

O4 - HKLM\..\Run: [loglinkblehcopy] C:\Documents and Settings\All Users\Application Data\BITSDENTLOGLINK\audio remote.exe

O4 - HKCU\..\Run: [locks ref] C:\DOCUME~1\hubavai\APPLIC~1\CDROML~1\Dupe Remote Download.exe



Reboot then delete the following folders (if found) :-

C:\Documents and Settings\hubavai\Application Data\AUDIOT~1 ... folder (These are just the first 6 letters of this folder - I have no way of knowing its full name)

C:\Documents and Settings\All Users\Application Data\BIKE PILE BODY FILE ... folder

C:\Documents and Settings\All Users\Application Data\BITSDENTLOGLINK ... folder

C:\Documents and Settings\hubavai\Application Data\CDROML~1 ... folder (These are just the first 6 letters of this folder - I have no way of knowing its full name)

THEN...

HI

Please download and run these :-

Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRUs (leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

THEN........

Download ewido security suite (http://www.ewido.net/en/download/), install, update and run it.

Please set up as :-

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on update in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful")

5. You may need to manually update the definitions which you can get HERE (http://www.ewido.net/en/download/updates/)

6. Exit Ewido. DO NOT scan yet.

Boot into safe mode... and scan with Ewido

7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.

Important - You need to click "Save report" and save it to your desktop, or you won't have a log

reboot

post a new hijackthis log + the ewido log

cheers

steam
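A follow-up log can be checked against a fix list like the one above mechanically. The sketch below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and every sample line, path, CLSID and domain in it is constructed. It matches entries by registry value, CLSID or command rather than by exact text, because a quoted fix list may shorten URLs or lose the `[name]` field of a Run entry.

```python
import re

# HijackThis entry lines have the form "<code> - <body>", for example
# "O4 - HKLM\..\Run: [name] C:\path\file.exe" or
# "R0 - HKCU\...\Main,Start Page = http://...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$"
)


def entry_key(line):
    """Return a stable identity for one log entry, or None for other lines.

    The identity leaves out the parts that change between scans or get
    shortened when a log is quoted in a post (URLs, display names).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank line or running-process path
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1"):
        # Registry value: identity is the "key,value" part left of " = ".
        return ("R", body.split(" = ", 1)[0].lower())
    if code == "O2":
        clsid = CLSID_RE.search(body)
        if clsid:
            return (code, clsid.group(0).upper())
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            # Identity is hive + command; the [name] may be missing in a quote.
            return (code, run.group("hive"), run.group("cmd").strip().lower())
    return (code, body.lower())


def still_present(fix_list, followup_log):
    """Return the fix-list lines whose identity still appears in the new log."""
    present = {entry_key(line) for line in followup_log.splitlines()}
    present.discard(None)
    hits = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is not None and key in present:
            hits.append(line.strip())
    return hits


# Constructed fix list: URLs are shortened with "..." and one Run entry has
# lost its [name], as can happen when lines are pasted into a forum post.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.first-domain.example/a...z.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.other-domain.example/b...y.htm
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\DOCUME~1\user\APPLIC~1\SAMPLE~1\sample.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\SAMPLE DIR\sample one.exe
O4 - HKCU\..\Run: [sample name] C:\DOCUME~1\user\APPLIC~1\SAMPLE~2\sample two.exe
"""

# Constructed follow-up log: the Search Bar value is set again with a
# different URL, and one Run entry survived the fix.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.new-domain.example/c-full-path.htm
O2 - BHO: Vendor Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Vendor\helper.dll
O4 - HKLM\..\Run: [Vendor Tray] C:\Program Files\Vendor\tray.exe
O4 - HKLM\..\Run: [sample meta] C:\Documents and Settings\All Users\Application Data\SAMPLE DIR\sample one.exe
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
```

An entry reported here was either not fixed or has been written back since the fix, so it deserves a second look before the machine is declared clean.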

hubavaiK
2006-02-16, 03:33
Thanks Steam,

Besides step 2, I did everything. (delete folders if found) -- I didn't find any folders at these locations.

Here is my report for ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:09:04 PM, 2/15/2006
+ Report-Checksum: F9074A9A

+ Scan result:

:mozilla.14:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.15:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.16:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.17:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.18:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.19:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.20:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.21:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.22:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.23:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.24:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.25:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.26:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.27:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.29:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned without backup
:mozilla.50:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.51:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.52:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.53:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.54:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.55:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.56:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.58:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.59:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.60:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.61:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
:mozilla.93:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned without backup
:mozilla.113:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
:mozilla.119:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned without backup
:mozilla.126:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned without backup
:mozilla.127:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned without backup
:mozilla.132:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.133:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.134:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.135:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.136:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.137:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.138:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.139:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.142:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned without backup
:mozilla.143:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned without backup
:mozilla.144:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned without backup
:mozilla.145:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned without backup
:mozilla.147:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned without backup
:mozilla.155:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.156:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.157:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.158:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.191:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned without backup
:mozilla.192:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned without backup
:mozilla.193:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned without backup
:mozilla.194:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned without backup
:mozilla.196:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.197:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.198:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.199:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.200:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.201:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.202:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.203:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.204:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.205:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
:mozilla.212:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned without backup
:mozilla.213:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned without backup
:mozilla.214:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned without backup
:mozilla.216:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned without backup
:mozilla.220:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.221:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.222:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.223:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.224:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.225:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.226:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.228:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.230:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
:mozilla.240:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned without backup
:mozilla.241:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned without backup
:mozilla.242:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned without backup
:mozilla.243:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned without backup
:mozilla.244:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned without backup
:mozilla.245:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.246:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.247:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.248:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.249:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.250:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.257:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.258:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.259:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.274:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
:mozilla.275:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.276:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.277:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.278:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.279:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.280:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup
:mozilla.281:C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned without backup


::Report End

hubavaiK
2006-02-16, 03:34
Here is my report from Hjck:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:41 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
E:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\hubavai\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hyjaisubmseeuvetnspdx.uk/ytd80z2v8h4cPEcmVrfuW1mnhDbadeMBk1EB_bZ_VK2DwW0LjngBWLIga0uRrFKm.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\hubavai\Application Data\Mozilla\Profiles\default\xl8g5sbd.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

hubavaiK
2006-02-16, 03:36
I am afraid that I didn't do something right because the main Spybot page where I choose the language looks all weird, characters are all over the place...also my browser screen started jumping and shaking weirdly...oh, Gosh...hope I didn't screw up too bad.

hubavaiK
2006-02-16, 03:41
Yep, when I scroll, both my email application and the browser here are acting weird...like an auto scroll is happening....

hubavaiK
2006-02-16, 22:50
Please help, asap! Anyone.

Some of my apps are not functioning normally!

steamwiz
2006-02-16, 23:53
Hi

Sorry to hear about your problems....

I've just checked back over the posts in this thread, and I don't see anything you did which could cause this...

You didn't put HijackThis into a permanent folder, so you won't have any backups of what you removed; however, you don't appear to have removed anything wrongly...

ewido only deleted cookies ... that couldn't cause a problem

Which leaves CCleaner, and if you only checked what I told you to, that shouldn't cause a problem either...

I think the best thing you could try is to use system restore to restore your computer to a point just before you started the cleanup.

tashi
2006-02-22, 15:51
Hello, this topic will now be archived.

If you need the topic re-opened, please send me a PM and provide a link to the topic. Thanks.