fakemsn8beta?



sb006
2006-06-10, 00:11
Hi, I’ve used Spybot with my computer in Safe Mode to clear a persistent object, fakemsn8beta. I’ve also used Ad-Aware and AVG to clean some malware, Trojans and viruses.

Here’s a list of what was cleaned.

Spybot -
Fakemsn8beta

AVG -
Trojan horse:
Generic.UVC
BackDoor.Small.19.AV
DownLoader.Zlob.AOJ

Virus:
Worm/VB.CC – winupdates.exe

Spybot took care of fakemsn8beta, AVG took care of everything but Generic.UVC. The real problem now is that when I try running regedit a DOS box pops up and the computer beeps three times. Registry Mechanic doesn’t show any problems, Spybot shows no problems, and AVG only shows Generic.UVC.

HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 2:18:13 PM, on 6/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
G:\PortableFirefox\App\firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thedaily.com/bikini.html"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1.1\save.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

cont...
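Two lines in the log above deserve a closer look than the rest: the F2 UserInit chain and the O20 Winlogon Notify entry whose DLL is missing. Winlogon runs every comma-separated program in the Userinit value at each interactive logon, before the shell starts; the stock value is userinit.exe alone, so here a silent .reg import (regedit /s C:\pav.reg) and a second program (pavdr.exe) run first at every logon. The "pav" prefix is presumably why the thread later asks whether Panda was ever installed, but the thread itself never names the owner of those files. The Python below is an added example, not code from this thread or from HijackThis, Spybot, AVG or Ewido; it parses those two line types out of a constructed sample built from the log posted above and reports anything in the Userinit chain that is not the stock userinit.exe, plus any Winlogon Notify package whose DLL HijackThis flagged as missing. The System32 location assumed for the stock userinit.exe is taken from the paths in this log, and a userinit.exe anywhere else is deliberately reported rather than accepted.

```python
"""Audit the Winlogon Userinit chain and Winlogon Notify entries in a HijackThis log.

Added example for the thread above; not part of HijackThis or any tool named there.
"""
import re

# Constructed sample: the F2 and O20 lines from the posted log, plus two unrelated
# lines so the filters have something to skip.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.M)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$", re.M)

# Assumption: the system root is C:\WINDOWS, as in the paths of the posted log.
SYSTEM_ROOT = r"c:\windows"
# Only these spellings count as the stock entry; a userinit.exe elsewhere is reported.
STOCK_USERINIT = {"userinit.exe", SYSTEM_ROOT + r"\system32\userinit.exe"}


def split_command(entry):
    """Split one Userinit entry into (executable, arguments).

    Windows allows unquoted paths containing spaces, so a quoted path is taken
    first, then the first '.exe' token, and only then the first space.
    """
    entry = entry.strip()
    if entry.startswith('"'):
        end = entry.find('"', 1)
        if end != -1:
            return entry[1:end], entry[end + 1:].strip()
    m = re.search(r"\.exe\b", entry, re.I)
    if m:
        return entry[:m.end()], entry[m.end():].strip()
    head, _, tail = entry.partition(" ")
    return head, tail.strip()


def parse_userinit(value):
    """Return the entries Winlogon would run, in order.

    The registry value normally ends with a trailing comma; empty entries are dropped.
    """
    return [e.strip() for e in value.split(",") if e.strip()]


def audit_userinit(value):
    """Return (extras, stock_present) for a Userinit value.

    extras lists every entry that is not the stock userinit.exe, with its
    arguments intact so a '/s file.reg' import is visible in the report.
    stock_present is False when the stock entry is absent altogether, which
    would leave the user unable to log on normally.
    """
    extras = []
    stock_present = False
    for entry in parse_userinit(value):
        exe, _args = split_command(entry)
        if exe.lower() in STOCK_USERINIT:
            stock_present = True
            continue
        extras.append(entry)
    return extras, stock_present


def dangling_winlogon_notify(log_text):
    """Names of Winlogon Notify packages whose DLL HijackThis reported missing."""
    return [name for name, dll in O20_RE.findall(log_text) if "(file missing)" in dll]


def audit_log(log_text):
    """Run both checks over a HijackThis log and return the findings."""
    m = F2_RE.search(log_text)
    extras, stock_present = audit_userinit(m.group(1)) if m else ([], True)
    return {
        "userinit_extras": extras,
        "userinit_stock_present": stock_present,
        "dangling_notify": dangling_winlogon_notify(log_text),
    }


if __name__ == "__main__":
    report = audit_log(SAMPLE_LOG)
    for entry in report["userinit_extras"]:
        print("extra Userinit program:", entry)
    if not report["userinit_stock_present"]:
        print("stock userinit.exe is missing from the chain")
    for name in report["dangling_notify"]:
        print("Winlogon Notify package with missing DLL:", name)
```

Run against the sample, the report lists the regedit import and pavdr.exe as extra Userinit programs and WRNotifier as a Notify package whose DLL is gone. A dangling Notify entry is mostly harmless by itself, but an extra Userinit program is worth identifying before removal: deleting the chain blindly, or leaving out the stock entry when editing it, is a quick way to a machine that cannot log on.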

sb006
2006-06-10, 00:13
Panda scan seems to have turned up more, but mostly tracking cookies...

Panda scan

Incident Status Location

Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\Cache\C3273FB5d01[install.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.adtech.de/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.burstnet.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.revenue.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.spylog.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt[ad.yieldmanager.com/]

cont...

sb006
2006-06-10, 00:14
cont...

Spyware:Cookie/2o7 Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adserver Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.advertising.com/]
Spyware:Cookie/Hitbox Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/BurstNet Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.targetnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Falkag Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/WebtrendsLive Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected

sb006
2006-06-10, 00:14
last...

G:\PortableFirefox\Data\profile\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xmts Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.xmts.net/]
Spyware:Cookie/Go Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.realmedia.com/]
Spyware:Cookie/QkSrv Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.apmebf.com/]
Spyware:Cookie/Zedo Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.zedo.com/]
Spyware:Cookie/Bluestreak Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Statcounter Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.yadro.ru/]
Spyware:Cookie/Clickbank Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.clickbank.net/]
Spyware:Cookie/Overture Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.overture.com/]
Spyware:Cookie/Valueclick Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.valueclick.com/]
Spyware:Cookie/NewMedia Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Ccbill Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.ccbill.com/]
Spyware:Cookie/bravenetA Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.bravenet.com/]
Spyware:Cookie/Belnk Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.belnk.com/]
Spyware:Cookie/Com.com Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.com.com/]
Spyware:Cookie/Adrevolver Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tradedoubler Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.xiti.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Hitslink Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Maxserving Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.maxserving.com/]
Spyware:Cookie/WUpd Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.revenue.net/]
Spyware:Cookie/HotLog Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.spylog.com/]
Spyware:Cookie/PayCounter Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.paycounter.com/]
Spyware:Cookie/Enhance Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[c.enhance.com/]
Spyware:Cookie/Overture Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Adtech Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.adtech.de/]
Spyware:Cookie/Searchportal Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Entrepreneur Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Coremetrics Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Bfast Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[.bfast.com/]
Spyware:Cookie/Clicktracks Not disinfected G:\PortableFirefox\Data\profile\cookies.txt[stats1.clicktracks.com/]

LonnyRJones
2006-06-12, 17:26
Set Windows to show hidden files/folders and extensions.
For XP systems: open any folder, select the Tools menu and click Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.

1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(The status bar at the bottom will display "Update successful".)
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido:
ewido manual updates (http://download.ewido.net/ewido-signatures-full-current.exe)

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
Save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt, rename to alcanshorty.bfu

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.

sb006
2006-06-12, 23:58
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:42:48 PM, 6/12/2006
+ Report-Checksum: C807E6F1

+ Scan result:

C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\Cache\C3273FB5d01/install.exe -> Hijacker.Small : Cleaned with backup
C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\Cache\C3273FB5d01/crack.exe -> Downloader.Adload.bo : Cleaned with backup
:mozilla.10:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.20:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.31:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.32:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.88:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.100:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.101:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.102:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.105:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.109:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.114:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.115:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.116:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.120:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.124:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.129:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.130:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.131:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.135:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.136:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.78:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookiesnew.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookiesnew.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.107:C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\cookiesnew.txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\s\Cookies\s@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Downloads\Bagatrix.net.zip/Basic Math Solved!2003/ -> Heuristic.Suspicious-Zip : Cleaned with backup
C:\Downloads\Bagatrix.net.zip/Pre-Algebra Solved!2003/ -> Heuristic.Suspicious-Zip : Cleaned with backup
C:\Downloads\SteganosIA.Pro.Patch.rar/Steganos-patch.exe -> Trojan.Agent.jh : Cleaned with backup
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup


::Report End

sb006
2006-06-12, 23:59
Logfile of HijackThis v1.99.1
Scan saved at 5:54:01 PM, on 6/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thedaily.com/bikini.html"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1.1\save.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

LonnyRJones
2006-06-13, 00:23
Thanks

Please post an entire HijackThis log without its formatting being broken up.
Also use the PC for half a day or so and let us know of any problems.

sb006
2006-06-13, 04:18
Logfile of HijackThis v1.99.1
Scan saved at 10:13:28 PM, on 6/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thedaily.com/bikini.html"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1.1\save.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.1\save.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe


This is the full log.

sb006
2006-06-13, 04:24
By the way, regedit works again. :)

Thanks for the speedy help and replies, I'll work the pc as you directed and let you know. :bigthumb:

LonnyRJones
2006-06-13, 04:42
Did you have Panda installed at any time?

sb006
2006-06-14, 02:37
Yes I did, trial.

Things seem to be working OK, just one thing has popped up for a couple of months that I don't know what it is. On shutdown a pop-up window titled shellhiddenIcon holds things till it shuts down, or I end it. Something to do with Musicmatch?

LonnyRJones
2006-06-14, 03:59
A trial? Is it uninstalled?

Have HijackThis fix this item:
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,

=============
Restart your PC and let me know if you see that "pop-up window titled shellhiddenIcon" again.
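
As an added illustration (not part of the thread, and not HijackThis's own code), here is a small checker that reads HijackThis-style log lines and flags the kind of UserInit hijack shown above: any program listed in the F2 UserInit value other than the stock userinit.exe, plus O20 Winlogon Notify entries whose DLL is reported missing. The sample lines are copied from the logs posted in this thread; the line layout assumed is that of HijackThis v1.99.1 as shown here.

```python
"""Added example: audit HijackThis-style log lines for a hijacked UserInit
value and orphaned Winlogon Notify entries. Not from the forum thread."""
import re

# Constructed sample: the F2 and O20 lines from this thread plus a benign O4 line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"""

# Stock Windows XP UserInit: only userinit.exe runs at logon (trailing comma is normal).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Line shapes assumed from the HijackThis v1.99.1 output shown in the thread.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*?)(?: \((file missing)\))?$")


def extra_userinit_programs(value):
    """Return the comma-separated UserInit entries that are not the stock userinit.exe."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_USERINIT]


def audit_hjt_log(text):
    """Return (section, finding) tuples for every suspicious entry in the log text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # Anything chained in front of userinit.exe runs at every logon.
            for prog in extra_userinit_programs(m.group(1)):
                findings.append(("F2", f"extra UserInit program: {prog}"))
            continue
        m = O20_RE.match(line)
        if m and m.group(3) == "file missing":
            # A Notify package pointing at a missing DLL is leftover from a removed product.
            findings.append(("O20", f"orphaned Winlogon Notify: {m.group(1)} -> {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_hjt_log(SAMPLE_LOG):
        print(section, finding)
```

On the thread's log this reports the regedit /s C:\pav.reg and pavdr.exe entries as extra UserInit programs, which is exactly the F2 item the fix above removes.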

sb006
2006-06-14, 18:58
OK, I see. I had a Panda antivirus software trial; that's uninstalled. Then I used the Panda scan and that shows it's installed. I thought the Panda scan was an online temporary thing.

sb006
2006-06-14, 19:40
The pop-up window is still there. Sorry, I got the title wrong; it's shelliconhiddenwindow.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:06 PM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thedaily.com/bikini.html"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1.1\save.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

sb006
2006-06-14, 19:42
Logfile of HijackThis v1.99.1
Scan saved at 1:42:23 PM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
G:\PortableFirefox\App\firefox\firefox.exe
C:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.thedaily.com/bikini.html"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\s\Application Data\Mozilla\Profiles\default\nt4tto31.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1.1\save.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

LonnyRJones
2006-06-15, 02:51
On shutdown a pop-up window titled shellhiddenIcon holds things till it shuts down, or I end it. Something to do with musicmatch?

Apparently so; if you don't use it, uninstall it. QuickTime and RealPlayer too, as far as that goes.

Why haven't you updated Windows?
Your Sun Java is quite old too.

sb006
2006-06-15, 03:14
I'd updated with SP2 once and the computer ran slower. If I remember, it also came with something from McAfee and it conflicted with an anti-virus software I already had. I hadn't thought of it since, but I'll try it again.

sb006
2006-06-16, 21:47
Removing Musicmatch settled the pop-up at shutdown and I installed all the security updates. Thanks for the help, everything seems to work now. :)

LonnyRJones
2006-06-17, 02:23
I'd love to see a log after you get all those updates. :)

tashi
2006-06-23, 20:45
As the problem appears to be resolved this topic will be archived.

If you need it re-opened, please send me a PM and provide a link to the thread.