| rainbow24 |
| (new user) |
| Tue May 09 2006 04:19 AM |
hijack log please check
|
I am experiencing the following: about blank pop ups (my home page is not affected), cannot access daily sites I used to be able too all the time with no problem, windows XP freezing up, pop up alerts with no pop ups present and also sites ie. game sites which require a new window to open now will not open for me. Previously I never had any of these problems so I'm not sure what's going on?
Logfile of HijackThis v1.99.1
Scan saved at 11:09:43 PM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsrw.exe
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Survey Alerts Manager\skinkers.exe
C:\PROGRA~1\COGECO~1\ANTI-S~1\fsaw.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
C:\WINDOWS\MDG\MDGnotify.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O4 - Global Startup: COGECO Security Services.lnk = C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O4 - Global Startup: Shortcut to MDGnotify.lnk = C:\WINDOWS\MDG\MDGnotify.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
O4 - Global Startup: ZDConfig.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\COGECO Security Services\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/229?d3b1171cb434a8cbcabce3f38109d38
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/230?d3b1171cb434a8cbcabce3f38109d38
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra button: FiveDogsPoker.net Poker - {331C9AA1-4DFF-44ed-A63C-67434F37D09C} - C:\Program Files\fivedogsguestMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28911fa862ced91eb817/netzip/RdxIE601.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144638876375
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4409/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - BackWeb Technologies Inc. - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
| John_McKenna |
| (HijackThis Helper) |
| Tue May 09 2006 11:32 PM |
|
|
Re: hijack log please check
|
Hi and welcome to Webuser.
Is this machine a commercial workstation?
Post a HijackThis Uninstall List please:
- Open HijackThis and click 'Config' (bottom right)
- Click 'Misc Tools' and then 'Open Uninstall Manager'
- A list of the entries in Add/remove programs will appear.
- Click on Save List...
- The list will be saved as 'Uninstall_list.txt'
- Copy & Paste the contents in your next reply.
| rainbow24 |
| (new user) |
| Wed May 10 2006 05:24 AM |
|
Re: hijack log please check
|
Hello,
No this not a commercial workstation. It is my home use computer, running windows xp, home addition.
Below is the hijackthis uninstall list as requested:
AbsolutePoker NET
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Anonymizer SpyWare Killer + Privacy Manager
ArcSoft Software Suite
Bejeweled 2 Deluxe
BingoLiner
COGECO Security Services
Ebates Moe Money Maker
FiveDogsPoker.net Poker
Geisha Bingo
GraphicView 32
HijackThis 1.99.1
Home Improvement 1-2-3
HyperLoad
Intel Application Accelerator
Intel(R) Extreme Graphics Driver Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Jigsaw Puzzle Player
Leapfrog Messenger
Lexmark X1100 Series
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Picture It! Photo Premium 9
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.0
MSN Music Assistant
MSN Search Toolbar
Nero OEM
ParadisePoker.net
PartyPoker
Playtime Bingo
PokerStars.net
PromptCast
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Survey Alerts Manager (remove only)
Tiger Gaming
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Toolbar V35 (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Yahoo! Toolbar
ZyDAS Wireless LAN - USB
| John_McKenna |
| (HijackThis Helper) |
| Wed May 10 2006 09:09 AM |
|
|
|
Re: hijack log please check
|
You may wish to save these instructions to notepad or print them out for use while in Safe Mode.
Step # 1
Configure Windows to Show all hidden files & folders:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/50/
Ensure you're familiar with rebooting into Safe Mode:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/54/
Download and install Ewido Anti-Malware from here:
http://www.ewido.net/en/download/
- When installing Ewido, under "Additonal Options" uncheck "Install Background Guard" and "Install Scan Via Context Menu".
- Launch Ewido by double-clicking the desktop icon and click 'OK' at the "Database could not be found!" warning.
- Click "Update" on the left side of the main screen to update the definitions file.
- Then click "Start Update".
- When you receive the "Update successful" prompt, close the program for use later.
Step # 2
Go to Start > Control Panel > Add/Remove Programs and remove the following:
Ebates Moe Money Maker
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Viewpoint Manager (Remove Only)
Viewpoint Toolbar V35 (Remove Only)
* versions of Sun Java older than v1.5.6 are vulnerable to infection whether you have the latest version installed or not.
Step # 3
Reboot into Safe Mode now please.
Scan with HijackThis again and place a checkmark in the boxes before the following entries:-
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28911fa862ced91eb817/netzip/RdxIE601.cab
Close ALL OTHER OPEN WINDOWS (inc. this one) and click the "Fix Checked" button.
Step # 4
Use Windows Explorer to locate & delete the following files/folders in bold:
C:\Program Files\MyWebSearch\
C:\Program Files\Viewpoint\
C:\Program Files\Ebates_MoeMoneyMaker\
*Right click the file or folder and select delete.
Step # 5
Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button nest to it.
When prompted, place a check in: "Delete all offline content", click OK.
Clean your Cache and Cookies in Firefox (if you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking "Clear All".
A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.
Step # 6
Now open Ewido Anti-Malware.
Click on Scanner.
Click on Complete System Scan and the scan will begin.
Warning: Do NOT open any other windows or your Control Panel while scanning as it may prevent scan completion!!
At the first infection, select "Remove" and checkmark the boxes beside "Perform action on all infections" and "Create encrypted backup in the quarantine" in the left corner.
Upon scan completion, click the Save report button and save the report.txt to your desktop.
Step # 7
Reboot and run either of the following online virus scans with Internet Explorer (saving the scan report when complete):
Kaspersky On-line Scanner
- Accept the Active X object and download the latest definitions.
- When the scanner is ready, click Scan Settings.
- Select the Extended anti-virus database.
- Select Scan Archives & Scan Mail Bases and then ok.
- Click My Computer to run a full system scan.
- When complete, choose Save as Text and save the log to your desktop.
Panda ActiveScan
- Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.
- Enter your details in the required fields.
- Then click the big Scan Now button.
- Allow the Active X component to install and download the necessary files. (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan.
- Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Step # 8
Then post the following in your next reply please:
- New HijackThis log.
- Ewido scan results.
- Online scan results.
- Any problems you encountered.
| rainbow24 |
| (new user) |
| Thu May 11 2006 03:00 AM |
|
Re: hijack log please check
|
Everything went well with instruction below is the new hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:51 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsrw.exe
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Survey Alerts Manager\skinkers.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
C:\WINDOWS\MDG\MDGnotify.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
O4 - HKCU\..\Run: [SAMCluster] C:\Program Files\Survey Alerts Manager\skinkers.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - Global Startup: COGECO Security Services.lnk = C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to MDGnotify.lnk = C:\WINDOWS\MDG\MDGnotify.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe
O4 - Global Startup: ZDConfig.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\COGECO Security Services\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/229?d3b1171cb434a8cbcabce3f38109d38
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-ca\msntabres.dll/230?d3b1171cb434a8cbcabce3f38109d38
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\Anti-Spyware\ieshield.dll
O9 - Extra button: FiveDogsPoker.net Poker - {331C9AA1-4DFF-44ed-A63C-67434F37D09C} - C:\Program Files\fivedogsguestMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144638876375
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4409/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - BackWeb Technologies Inc. - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
Ewido scan results:
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:35:05 PM, 5/10/2006
+ Report-Checksum: CA733468
+ Scan result:
HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Adware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-3909097746-49781990-4101956904-1005\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Local Settings\Temp\THI468.tmp\VoiceIP.cab/VoiceIp.dll -> Adware.BiSpy : Cleaned with backup
C:\Documents and Settings\Jim LaBelle\Local Settings\Temp\THI468.tmp\VoiceIp.dll -> Adware.BiSpy : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\egIEEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\200062.dat\GUninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\egIEEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\3734109.dat\GUninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GAppMgr.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GController.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GIocl.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GMTProxy.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GObjs.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\GStoreServer.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8451765.dat\Gtools.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\egIEEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Lorri LaBelle\Application Data\spweng\8452796.dat\GUninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Tina LaBelle\Cookies\tina labelle@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\COGECO Security Services\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
::Report End
Online scan results:
Incident Status Location
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@belnk[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@dist.belnk[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Jim LaBelle\Cookies\jim labelle@i.screensavers[2].txt
Adware:Adware Program
| John_McKenna |
| (HijackThis Helper) |
| Thu May 11 2006 09:31 AM |
|
|
|
Re: hijack log please check
|
Apart from a few cookies which Panda picked up, everything seems to be in order.
How's the machine running now?
| rainbow24 |
| (new user) |
| Sun May 14 2006 04:43 AM |
|
Re: hijack log please check
|
It is running better but I am still experiencing problems. About Blank still pops up. Also, some of the sites I go to, won't come up because it says there is a pop-up, but there is no pop-up when I click on it to see what the pop-up might be. There are a couple of games I go it that up until 2 weeks worked great, but now they are very slow or I can't get into them at all. I don't know if any of this is related to my original problem, but I thought I would ask anyway. This is home computer, used primarily for fun. Thanks for any help you can give me.
| John_McKenna |
| (HijackThis Helper) |
| Sun May 14 2006 11:32 AM |
|
|
|
Re: hijack log please check
|
I missed an entry in your log which needs to go:
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
Fix that entry and reboot.
Download WinPFind.zip and unzip it to your C:\ folder. to create C:\WinPFind.
- Important! Reboot in Safe Mode
- Double-click WinPFind.exe inside c:\WinPFind to launch the program.
- Then click on the Start Scan button and wait for it to finish.
- This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.
- When it is done, it will show the results of the scan.
- Click on the Copy to Clipboard button and save them to notepad for posting.
| rainbow24 |
| (new user) |
| Wed May 24 2006 08:47 PM |
|
Re: hijack log please check
|
Deleted the file and ran this as requested.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 3/31/2003 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 2/14/2006 9:20:14 AM 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/24/2006 2:37:02 PM S 2048 C:\WINDOWS\bootstat.dat
4/10/2006 11:28:18 PM H 0 C:\WINDOWS\inf\oem32.inf
3/30/2006 6:03:56 AM S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
5/24/2006 2:36:58 PM H 8192 C:\WINDOWS\system32\config\default.LOG
5/24/2006 2:37:10 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
5/24/2006 2:37:04 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
5/24/2006 2:37:10 PM H 65536 C:\WINDOWS\system32\config\software.LOG
5/24/2006 2:37:06 PM H 942080 C:\WINDOWS\system32\config\system.LOG
5/12/2006 2:41:54 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
4/9/2006 11:10:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5d64b5f9-24cf-454d-8036-25c502b1e8d1
4/9/2006 11:10:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
5/23/2006 2:53:32 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d7744352-d499-4563-82f0-ae6a43d73519
5/23/2006 2:53:38 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
5/24/2006 2:35:56 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 4/24/2003 4:53:22 PM 6842880 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
5/11/2001 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 10/16/2002 3:12:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel(R) Corporation 10/23/2002 2:06:36 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 4/11/2001 1:22:06 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 10/16/2002 3:12:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
3/24/2004 3:25:48 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/24/2004 3:44:02 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/21/2003 10:01:16 AM 602 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to MDGnotify.lnk
10/11/2005 9:41:18 PM 2169 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
5/28/2004 2:38:32 PM 1827 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDConfig.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/24/2004 7:21:50 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
3/24/2004 3:25:48 PM HS 84 C:\Documents and Settings\Lorri LaBelle\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
3/24/2004 7:21:50 AM HS 62 C:\Documents and Settings\Lorri LaBelle\Application Data\desktop.ini
5/27/2004 10:37:44 PM 0 C:\Documents and Settings\Lorri LaBelle\Application Data\dm.ini
1/9/2005 3:58:10 PM 83248 C:\Documents and Settings\Lorri LaBelle\Application Data\GDIPFONTCACHEV1.DAT
5/29/2004 7:22:54 PM 12358 C:\Documents and Settings\Lorri LaBelle\Application Data\PFP110JCM.{PB
5/29/2004 7:22:54 PM 61678 C:\Documents and Settings\Lorri LaBelle\Application Data\PFP110JPR.{PB
5/12/2006 10:41:48 PM 3170 C:\Documents and Settings\Lorri LaBelle\Application Data\wklnhst.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
FunWebProducts =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}
F-Secure = C:\Program Files\COGECO Security Services\Common\fpshx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}
F-Secure = C:\Program Files\COGECO Security Services\Common\fpshx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = C:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSN Search Toolbar Helper = C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73C00}
ButtonText = Web Filter :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F01}
MenuText = Web Filter : C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F02}
MenuText = &Suspend Webpage Filter : C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F03}
MenuText = &Deny this website : C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F04}
MenuText = &Allow this website : C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{300DB664-75B5-47c0-8B45-A44ACCF73C00}
ButtonText = IE Shield :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{331C9AA1-4DFF-44ed-A63C-67434F37D09C}
ButtonText = FiveDogsPoker.net Poker : C:\Program Files\fivedogsguestMPP\MPPoker.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5}
ButtonText = AbsolutePoker.net : C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com : C:\PartyGaming\PartyPoker\RunApp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
SoundMan SOUNDMAN.EXE
PRONoMgr.exe c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Lexmark X1100 Series "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
QuickFinder Scheduler "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
F-Secure Manager "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
F-Secure TNB "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
F-Secure Startup Wizard "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
News Service "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
LFM C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MoneyAgent "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PRIVANAL
ANONYMIZER_SPYWAREKILLER C:\Program Files\Anonymizer\sk\spywarekiller.exe /BOOT
SAMCluster C:\Program Files\Survey Alerts Manager\skinkers.exe
MSKAGENTEXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
PromptCast C:\Program Files\PromptCast\PromptCast.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 5/24/2006 2:40:59 PM
| John_McKenna |
| (HijackThis Helper) |
| Wed May 24 2006 10:16 PM |
|
|
|
Re: hijack log please check
|
Fix this entry with HijackThis:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Open Notepad, (Start | Run, type Notepad)
Copy the text between the code lines below to Notepad.
Click File | Save As
Change the Save as type to *All Files*
Save it to your desktop as fix.reg
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"FunWebProducts"=-
Double click fix.reg and confirm you wish to add the contents to the registry.
Reboot and post a fresh HJT log please.
Any change?