View Full Version : online and hjt log/report



Donnie_DarkO
2006-11-28, 19:26
Incident Status Location

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.webpower.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.888.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@2o7[2].txt
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@66.246.209[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ad.yieldmanager[1].txt
Spyware:Cookie/BannerBank Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ad10.bannerbank[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adrevolver[4].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ads.addynamix[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adserver.filefront[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dell\Cookies\dell@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dell\Cookies\dell@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dell\Cookies\dell@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Cookies\dell@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Dell\Cookies\dell@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Cookies\dell@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dell\Cookies\dell@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dell\Cookies\dell@bravenet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dell\Cookies\dell@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[9].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Dell\Cookies\dell@counter.sexsuche[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dell\Cookies\dell@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Cookies\dell@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dell\Cookies\dell@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@drivecleaner[2].txt

Donnie_DarkO
2006-11-28, 19:28
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Dell\Cookies\dell@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Dell\Cookies\dell@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dell\Cookies\dell@fastclick[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Dell\Cookies\dell@fortunecity[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dell\Cookies\dell@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dell\Cookies\dell@hitbox[1].txt
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Dell\Cookies\dell@inet-traffic[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Dell\Cookies\dell@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dell\Cookies\dell@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dell\Cookies\dell@mediaplex[1].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Dell\Cookies\dell@metriweb[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dell\Cookies\dell@overture[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Dell\Cookies\dell@pacificpoker[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dell\Cookies\dell@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Cookies\dell@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dell\Cookies\dell@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dell\Cookies\dell@statcounter[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@stats.drivecleaner[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dell\Cookies\dell@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dell\Cookies\dell@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dell\Cookies\dell@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dell\Cookies\dell@webpower[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Dell\Cookies\dell@winantivirus[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@www.drivecleaner[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Dell\Cookies\dell@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dell\Cookies\dell@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dell\Cookies\dell@zedo[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Cookies\dell@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Cookies\dell@realmedia[1].txt
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BF3A411\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BF3A411\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\3CNXAATW\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\3CNXAATW\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LUW8ORG\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LUW8ORG\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\AHT1AEVF\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXCTIN0T\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\VF9RF10W\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\WZ2NATID\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[3].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[4].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[5].htm

Donnie_DarkO
2006-11-28, 19:29
Logfile of HijackThis v1.99.1
Scan saved at 1:20:38 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1136914198\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1136914198\ee\SSCEvtHdlr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1136914198\ee\aolsoftware.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1136914198\ee\anotify.exe
C:\AntiSpyWare\HijackThis.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

Donnie_DarkO
2006-11-28, 19:31
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Donnie_DarkO
2006-11-28, 19:31
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136914198\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1136914198\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Donnie_DarkO
2006-11-28, 19:32
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131909619918
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Donnie_DarkO
2006-11-28, 19:46
Sorry about the way it's posted. If you guys need me to, I'll try to put it all in one post. Sorry, the post reply button wasn't working for me before :oops:

Donnie_DarkO
2006-11-28, 19:52
I think I might have a pop-up problem and spyware, because my comp runs very slow and sometimes I'll get pop-ups, usually the same ones saying I've won something.



Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dell\Cookies\dell@888[1].txt
Spyware:Cookie/BannerBank Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ad10.bannerbank[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ads.addynamix[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adserver.filefront[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dell\Cookies\dell@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Cookies\dell@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Dell\Cookies\dell@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Cookies\dell@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dell\Cookies\dell@bravenet[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dell\Cookies\dell@cgi-bin[9].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Dell\Cookies\dell@counter.sexsuche[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Dell\Cookies\dell@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dell\Cookies\dell@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dell\Cookies\dell@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@drivecleaner[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Dell\Cookies\dell@entrepreneur[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Dell\Cookies\dell@fortunecity[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dell\Cookies\dell@hc2.humanclick[2].txt
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Dell\Cookies\dell@inet-traffic[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Dell\Cookies\dell@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dell\Cookies\dell@maxserving[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Dell\Cookies\dell@metriweb[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dell\Cookies\dell@overture[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Dell\Cookies\dell@pacificpoker[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dell\Cookies\dell@questionmarket[2].txt

Donnie_DarkO
2006-11-28, 19:53
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Cookies\dell@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dell\Cookies\dell@searchportal.information[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@stats.drivecleaner[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dell\Cookies\dell@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dell\Cookies\dell@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dell\Cookies\dell@webpower[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dell\Cookies\dell@www.drivecleaner[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Dell\Cookies\dell@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dell\Cookies\dell@xiti[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Cookies\dell@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Cookies\dell@realmedia[1].txt
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BF3A411\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BF3A411\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\3CNXAATW\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\3CNXAATW\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LUW8ORG\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\6LUW8ORG\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\AHT1AEVF\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXCTIN0T\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temp\Temporary Internet Files\Content.IE5\VF9RF10W\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\WZ2NATID\popup[2].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[3].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[4].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\YF4HCL23\popup[5].htm

Donnie_DarkO
2006-11-28, 19:54
This is the HJT log. Thanks for the help.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136914198\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1136914198\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Donnie_DarkO
2006-11-28, 19:55
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131909619918
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1136914198\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Donnie_DarkO
2006-11-28, 19:56
Sorry about all my other posts before. When I hit the reply-to-post button it wouldn't let me do it, so that's why I made so many topics for one problem, sorry.. :oops:

steamwiz
2006-11-28, 21:02
I've merged all your posts...

& your problem is ?

All I see are a lot of spyware cookies & temp files & your Java is out of date...

--
Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRUs (leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

--
Check to make sure the cookies have been deleted from these folders :-

C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\z60hwcpf.default\cookies.txt

&

C:\Documents and Settings\Dell\Cookies

--
Then if you still have concerns ... repost the logs (try to fit them in one post)

steam

Donnie_DarkO
2006-11-28, 21:24
An attempt to connect to your computer was blocked.

A computer at address 202.97.238.199 has attempted to access one of your system ports (Port 1027)

^^This keeps popping up on my AOL safety. Will this go away once you guys help me?

steamwiz
2006-11-30, 18:38
Hi

Did you run CCleaner ?

The IP address you posted is in China ...

Hei Long Jiang province education committee...
country: CN

Do you surf Chinese sites ?

--
Go to add/remove programs and uninstall any earlier versions of Java...

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 9' and press the 'Download' button.


Running an out-of-date version of Java is an infection risk.

steam

tashi
2006-12-06, 21:25
Donnie_DarkO how is it going?

tashi
2006-12-11, 18:04
This topic has been archived due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.