PDA

View Full Version : Please help me :(


LostinAsia
2006-12-14, 17:04
To whom it may concern,

I am having some problems with possible malware or adware or a virus?? I have read some of the other posts, and have installed and run AVG Anti-Spyware, Spybot S&D, and HiJackThis. I continue to get various tracking cookies (and perhaps other threats) when I scan with AVG. They just don't seem to stop.

I would greatly appreciate it if someone could help me to fix these problems once and for all. Below are the log files from the various scans.

Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:16:31 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

-----------------------------------------------------------------------

These are the logs from AVG Anti-Spyware:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:33:36 PM 12/14/2006

+ Scan result:



C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@cnetasiapacific.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:14:32 PM 11/19/2006

+ Scan result:



C:\WINDOWS\system32\ineptpui.dll -> Downloader.Agent.ayo : Cleaned with backup (quarantined).


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:30:43 PM 12/12/2006

+ Scan result:



C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:32:13 PM 12/14/2006

+ Scan result:



C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:47:51 PM 11/10/2006

+ Scan result:



C:\WINDOWS\system32\qproecss.exe -> Downloader.Agent.ayo : Cleaned with backup (quarantined).
C:\Documents and Settings\Mike\Application Data\winantispyware2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:10:44 PM 11/25/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1FC4ADE1-15D3-057E-81D5-DD934DE6542E} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{04DA0CE8-87C6-4379-9CBD-5D6E93C919E8} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{0678CAB9-7825-467E-9310-CDD2DCA855D0} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{1386F568-F1AB-477D-B69E-31D66B6E4DAA} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{210E3B48-776B-4F4B-B80A-2BB59F1A676D} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{2E3C5BE8-3EA7-48A7-97FA-7E2AB0A88392} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{576BB1E3-B26D-4BCB-A0BD-B49FF2469936} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{5F8BD6DC-6D30-4A6F-9D07-3822DFA605D7} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{694E0F65-5EF7-40FB-9412-48AFCE704720} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{74878382-B258-484B-A614-475D8DCF104B} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{7B8A51F7-0700-4CEB-978E-E0A3C88CB4B4} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{87FF9647-1710-4EB6-97C9-65484F9C61E9} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{A7358DCF-6343-45AE-930D-5C2BB96B9116} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{B4BFACA9-37BA-45BC-8EE6-6F9910651B0B} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{BE18EBF9-4F98-4333-8DD2-AEBA2911A80B} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{DDC17036-3DE8-4FEB-948E-D225CF5BCC95} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{E8194604-B6D1-4D63-ABC7-8C2D89E6D497} -> Adware.MalwareWiper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400} -> Adware.MalwareWiper : Cleaned with backup (quarantined).


::Report end

--------------------------------------------------------------------------
LostinAsia
2006-12-14, 17:04
These are the logs from Spybot S&D:

10.11.2006 20:49:07 - ##### check started #####
10.11.2006 20:49:07 - ### Version: 1.4
10.11.2006 20:49:07 - ### Date: 11/10/2006 8:49:07 PM
10.11.2006 20:49:07 - ##### checking bots #####
10.11.2006 20:50:30 - found: PestTrap User settings
10.11.2006 20:50:50 - found: Tencent Settings
10.11.2006 20:50:50 - found: Tencent Class ID
10.11.2006 20:50:50 - found: Tencent Class ID
10.11.2006 20:50:50 - found: Tencent Class ID
10.11.2006 20:50:50 - found: Tencent Settings
10.11.2006 20:50:50 - found: Tencent Root class
10.11.2006 20:50:50 - found: Tencent Root class
10.11.2006 20:50:50 - found: Tencent Class ID
10.11.2006 20:50:50 - found: Tencent Type library
10.11.2006 20:50:50 - found: Tencent Program directory
10.11.2006 20:50:52 - found: Microsoft.WindowsSecurityCenter_disabled Settings
10.11.2006 20:51:11 - found: Caishow Settings
10.11.2006 20:51:35 - found: IEHelper.e Class ID
10.11.2006 20:52:42 - ##### check finished #####


--- Report generated: 2006-11-10 20:52 ---

Service check.: The Services.sbs file is missing. Please use the update to get a new copy! ()


PestTrap: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\pmsngr.exe

Tencent: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Tencent

Tencent: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0C7C23EF-A848-485B-873C-0ED954731014}

Tencent: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{90B1ECB2-FC3B-49AE-A6BD-F5F11BF5C4AD}

Tencent: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}

Tencent: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent

Tencent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\TCtrl.TWeb

Tencent: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\TCtrl.TWeb.1

Tencent: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{90B1ECB2-FC3B-49AE-A6BD-F5F11BF5C4AD}

Tencent: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3}

Tencent: Program directory (Directory, nothing done)
C:\Program Files\TENCENT\Adplus\

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Caishow: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C7C23EF-A848-485B-873C-0ED954731014}

IEHelper.e: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\Trojans.sbi (*)

11.11.2006 23:59:59 - ##### check started #####
11.11.2006 23:59:59 - ### Version: 1.4
11.11.2006 23:59:59 - ### Date: 11/11/2006 11:59:59 PM
11.11.2006 23:59:59 - ##### checking bots #####
12.11.2006 00:06:24 - ##### check finished #####


--- Report generated: 2006-11-12 00:06 ---

Service check.: The Services.sbs file is missing. Please use the update to get a new copy! ()


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\Trojans.sbi (*)

14.12.2006 20:55:57 - ##### check started #####
14.12.2006 20:55:57 - ### Version: 1.4
14.12.2006 20:55:57 - ### Date: 12/14/2006 8:55:57 PM
14.12.2006 20:55:57 - ##### checking bots #####
14.12.2006 21:00:55 - ##### check finished #####


--- Report generated: 2006-12-14 21:00 ---

Service check.: The Services.sbs file is missing. Please use the update to get a new copy! ()


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Dialer.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\Trojans.sbi (*)

14.12.2006 21:10:52 - ##### check started #####
14.12.2006 21:10:52 - ### Version: 1.4
14.12.2006 21:10:52 - ### Date: 12/14/2006 9:10:52 PM
14.12.2006 21:10:52 - ##### checking bots #####
14.12.2006 21:13:17 - found: Zlob.HomepageMonitor User settings
14.12.2006 21:16:04 - ##### check finished #####


--- Report generated: 2006-12-14 21:16 ---

Zlob.HomepageMonitor: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\isamonitor.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi (*)
2006-12-08 Includes\DialerC.sbi
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-08 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-08 Includes\KeyloggersC.sbi
2006-12-08 Includes\Malware.sbi (*)
2006-12-08 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\PUPSC.sbi
2006-12-08 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi (*)
2006-12-08 Includes\SecurityC.sbi
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-08 Includes\TrojansC.sbi


--- Report generated: 2006-11-10 20:53 ---

Service check.: The Services.sbs file is missing. Please use the update to get a new copy! ()


PestTrap: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\pmsngr.exe

Tencent: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Tencent

Tencent: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{0C7C23EF-A848-485B-873C-0ED954731014}

Tencent: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{90B1ECB2-FC3B-49AE-A6BD-F5F11BF5C4AD}

Tencent: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}

Tencent: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent

Tencent: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\TCtrl.TWeb

Tencent: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\TCtrl.TWeb.1

Tencent: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{90B1ECB2-FC3B-49AE-A6BD-F5F11BF5C4AD}

Tencent: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3}

Tencent: Program directory (Directory, fixed)
C:\Program Files\TENCENT\Adplus\

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Caishow: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C7C23EF-A848-485B-873C-0ED954731014}

IEHelper.e: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909}


--- Report generated: 2006-12-14 21:16 ---

Zlob.HomepageMonitor: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-1390067357-746137067-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\isamonitor.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi (*)
2006-12-08 Includes\DialerC.sbi
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-08 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-08 Includes\KeyloggersC.sbi
2006-12-08 Includes\Malware.sbi (*)
2006-12-08 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\PUPSC.sbi
2006-12-08 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi (*)
2006-12-08 Includes\SecurityC.sbi
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-08 Includes\TrojansC.sbi

11/10/2006 7:48:34 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
11/10/2006 7:49:14 PM downloaded update Advanced detection library
11/10/2006 7:49:14 PM - URL: http://downloads.planetmirror.com/pub/spybot/advcheck.zip
11/10/2006 7:49:14 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\advcheck.zip
11/10/2006 7:49:20 PM downloaded update Detection rules: Dialers
11/10/2006 7:49:20 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.dialer.zip
11/10/2006 7:49:20 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
11/10/2006 7:49:27 PM downloaded update Detection rules: Hijackers
11/10/2006 7:49:27 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.hijackers.zip
11/10/2006 7:49:27 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
11/10/2006 7:49:30 PM downloaded update Detection rules: Keyloggers
11/10/2006 7:49:30 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.keyloggers.zip
11/10/2006 7:49:30 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
11/10/2006 7:49:38 PM downloaded update Detection rules: Malware
11/10/2006 7:49:38 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.malware.zip
11/10/2006 7:49:38 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
11/10/2006 7:49:42 PM downloaded update Detection rules: PUPS
11/10/2006 7:49:42 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.pups.zip
11/10/2006 7:49:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
11/10/2006 7:49:44 PM downloaded update Detection rules: Security
11/10/2006 7:49:44 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.security.zip
11/10/2006 7:49:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
11/10/2006 7:49:50 PM downloaded update Detection rules: Spybots
11/10/2006 7:49:50 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.spybots.zip
11/10/2006 7:49:50 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
11/10/2006 7:49:56 PM downloaded update Detection rules: Trojans
11/10/2006 7:49:56 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.trojans.zip
11/10/2006 7:49:56 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
11/10/2006 7:50:10 PM downloaded update Detection rules: Update
11/10/2006 7:50:10 PM - URL: http://downloads.planetmirror.com/pub/spybot/includes.zip
11/10/2006 7:50:10 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/10/2006 7:50:10 PM - FILE REJECTED because of bad checksum
11/10/2006 7:50:18 PM downloaded update Detection support library
11/10/2006 7:50:18 PM - URL: http://downloads.planetmirror.com/pub/spybot/tools.zip
11/10/2006 7:50:18 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\tools.zip
11/10/2006 7:50:25 PM downloaded update English descriptions
11/10/2006 7:50:25 PM - URL: http://downloads.planetmirror.com/pub/spybot/desc.english.zip
11/10/2006 7:50:25 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip
11/10/2006 7:50:25 PM - FILE REJECTED because of bad checksum
11/10/2006 7:50:32 PM downloaded update English help
11/10/2006 7:50:32 PM - URL: http://downloads.planetmirror.com/pub/spybot/help.english.zip
11/10/2006 7:50:32 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
11/10/2006 7:50:36 PM downloaded update English help for TeaTimer
11/10/2006 7:50:36 PM - URL: http://downloads.planetmirror.com/pub/spybot/helpres.english.zip
11/10/2006 7:50:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
11/10/2006 7:50:39 PM downloaded update English language
11/10/2006 7:50:39 PM - URL: http://downloads.planetmirror.com/pub/spybot/lang.english.zip
11/10/2006 7:50:39 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/10/2006 7:50:54 PM downloaded update Immunization database
11/10/2006 7:50:54 PM - URL: http://downloads.planetmirror.com/pub/spybot/clsid.zip
11/10/2006 7:50:54 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
11/10/2006 7:50:55 PM downloaded update Main skins
11/10/2006 7:50:55 PM - URL: http://downloads.planetmirror.com/pub/spybot/skins.main.zip
11/10/2006 7:50:55 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\skins.main.zip
11/10/2006 7:51:07 PM downloaded update Startup info
11/10/2006 7:51:07 PM - URL: http://downloads.planetmirror.com/pub/spybot/startup.zip
11/10/2006 7:51:07 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
12/14/2006 8:41:14 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
12/14/2006 8:42:16 PM downloaded update Detection rules: Dialers
12/14/2006 8:42:16 PM - URL: http://ftp.rz.tu-bs.de/pub/mirror/spybot.info/sbsdupdates/includes.dialer.zip
12/14/2006 8:42:16 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
12/14/2006 9:01:35 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
12/14/2006 9:02:24 PM downloaded update Detection rules: Dialers
12/14/2006 9:02:24 PM - URL: http://www.xteq.de/spybot/updates/includes.dialer.zip
12/14/2006 9:02:24 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
12/14/2006 9:04:05 PM downloaded update Detection rules: Hijackers
12/14/2006 9:04:05 PM - URL: http://www.xteq.de/spybot/updates/includes.hijackers.zip
12/14/2006 9:04:05 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
12/14/2006 9:05:08 PM downloaded update Detection rules: Malware
12/14/2006 9:05:08 PM - URL: http://www.xteq.de/spybot/updates/includes.malware.zip
12/14/2006 9:05:08 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
12/14/2006 9:05:10 PM downloaded update Detection rules: Security
12/14/2006 9:05:10 PM - URL: http://www.xteq.de/spybot/updates/includes.security.zip
12/14/2006 9:05:10 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
12/14/2006 9:08:02 PM downloaded update Detection rules: Trojans
12/14/2006 9:08:02 PM - URL: http://www.xteq.de/spybot/updates/includes.trojans.zip
12/14/2006 9:08:02 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
12/14/2006 9:09:42 PM downloaded update Detection rules: Update
12/14/2006 9:09:42 PM - URL: http://www.xteq.de/spybot/updates/includes.zip
12/14/2006 9:09:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/14/2006 9:10:20 PM downloaded update English descriptions
12/14/2006 9:10:20 PM - URL: http://www.xteq.de/spybot/updates/desc.english.zip
12/14/2006 9:10:20 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip

END END END END
tashi
2006-12-20, 15:45
Hello.

Please see "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288) to for the procedure and logs requested. Did you run the on-line anti-virus scanner?

C:\DOCUME~1\Mike\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe shows that HJT is not in the correct folder and this delays assistance.

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)
shelf life
2006-12-20, 22:31
hi LostinAsia,

please delete that copy of hjt in the temp dir. and reinstall a new copy like this:

* Downloads:
* Please make sure you have the latest version. HJT 1.99.1
* http://www.downloads.subratam.org/hijackthis.zip
* If you are unfamiliar with zip programs get HijackThis.exe here:
* http://www.merijn.org/files/HijackThis.exe

* First put hijackthis into a permanent folder.
* Do this first - go to C: and create a new permanent folder.
Example C:\AntiSpyWare or C:\hijackthis
* This is necessary to ensure you have backups should anything go wrong.
* Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
* Example of the wrong way:
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
* Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log.

If in doubt use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.

* Double click HijackThis.exe.
* Hit None Of The Above, just start the program.
* Hit Scan.
* When the scan is finished, the "Scan" button will change into a "Save Log" button.
* Click that, save the log somewhere, and copy/paste into this thread
a) The HJT log
-------------------------------------
did you add those ip's to your host file?
cookies really arent much to worry about.

shelf life
tashi
2006-12-27, 12:02
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.