HJT log and step 3 log

jimbo1406 Maine
edited August 2006 in Spyware & Virus Removal
I'm not sure if this is in the right area, but I know you guys know everything. I just got a laptop from a friend that is a mess and I'm in the process of cleaning it out and am going to post a log in a few. I have Norton on my PC; is there any way to use the same subscription on my new laptop without purchasing a new one? Any help is greatly appreciated.

Comments

  • jimbo1406 Maine
    edited August 2006
    I just got this new laptop and it was all messed up. I used you guys before and my PC has been fine for like 3 months now. You guys are great. Here is the HJT log and the log from Panda. Any suggestions on what to do? It seems to be running a little better now, but not great. Any help would be greatly appreciated. Also, do you guys know if I can use the Norton I have on my PC for this new laptop, or do I have to get a whole new subscription?

    HJt
    Logfile of HijackThis v1.99.1
    Scan saved at 1:39:36 AM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3a84255fa53bf624e6efd81d8d5d3ebf\update\update.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1D9DC81D-7DFB-2778-80FA-524047EAAE9E} - C:\WINDOWS\system32\qojm.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {80A3CBDB-246B-7AB3-4A26-5FF07DCE6B97} - C:\WINDOWS\System32\ywp.dll (file missing)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [1X.exe] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym.exe] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8.exe] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe
    O4 - HKLM\..\Run: [1X] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1772e40946375fa4ba05/netzip/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104625714295
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Panda


    Incident Status Location

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@ads.pointroll[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@atdmt[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@com[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@fastclick[1].txt
    Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@mysearch[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@tribalfusion[2].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@www.myaffiliateprogram[2].txt
    Adware:Adware/WinTools Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0CC27C7C-DE60-4C21-B0A3-825FE9\46E29A8B-A9CB-4225-AAFE-FB5058
    Adware:Adware/WinTools Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0CC27C7C-DE60-4C21-B0A3-825FE9\CB722FA2-4F30-4AE2-B143-F09631
    Adware:Adware/eZula Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3167267F-5EE1-4800-B943-767E47\E05C04E9-0F4A-4E01-800E-000367
    Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\244CD0EE-7F52-4AEC-BF5B-A19D42
    Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\6A269875-88B1-4001-A5C3-205FA5
    Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\C7A6A1CF-D673-4F1D-BA2F-CCAEAE
    Adware:Adware/nCase Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BFE31C0A-03C7-4A75-B9A1-BFC96C\4B94A85A-4B7A-4353-B8C9-75A398
    Adware:Adware/nCase Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BFE31C0A-03C7-4A75-B9A1-BFC96C\8D881BC7-E5A7-41D8-936F-F58F6D
    Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BFE31C0A-03C7-4A75-B9A1-BFC96C\EA185C75-B693-48FE-8DD1-081A66
    Adware:Adware/WinTools Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EF2C880B-11BA-4529-8966-C775EA\336FF3B4-7504-4A5A-A5F2-75628A
    Adware:Adware/WinTools Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EF2C880B-11BA-4529-8966-C775EA\3B3E8DA7-7573-4E6F-A1CD-1934A3
    Adware:Adware/PurityScan Not disinfected C:\Program Files\rdso\eetu.exe
    Adware:Adware/eZula Not disinfected C:\Program Files\TopText\CHCON.dll
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
    Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\r?ndll32.exe
    Adware:adware/ezula Not disinfected C:\WINDOWS\woinstall.exe
    THANKS GUYS!!!!!!!!!!!!!!!!!
    THIS PANDA LOG IS SCARING THE HELL OUT OF ME!!!!!!!!!!!
  • jimbo1406 Maine
    edited August 2006
    I keep getting this message when I boot up. It says "Error loading Doceoc16b1. The specified module could not be found." Any idea what this is?
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    Can you please do the following.

    ===============

    Scan with HiJackThis, then check(tick) the following, if present:


    O2 - BHO: (no name) - {1D9DC81D-7DFB-2778-80FA-524047EAAE9E} - C:\WINDOWS\system32\qojm.dll (file missing)
    O2 - BHO: (no name) - {80A3CBDB-246B-7AB3-4A26-5FF07DCE6B97} - C:\WINDOWS\System32\ywp.dll (file missing)

    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1772e40946375fa...p/RdxIE601.cab


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

    Search for...

    98D0CE0C16B1
    D0CE0C16B1

    ...using "Start | Search...".

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight and select the first option, to run Windows in Safe Mode, then hit Enter.

    -

    Reboot.

    ===============

    To help protect your system from hostile ActiveX content, or special 'downloadable' files:

    Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

    1) Check for any available updates; if present, they'll be automatically downloaded and installed.
    2) Next, "Enable all protection".
    3) Exit the program.

    -

    Note: Remember to regularly check for updates.

    ===============

    Download CCleaner and install, then run it.
    1. Uncheck "Cookies" under "Internet Explorer".
    2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
    3. Close when finished.

    ===============

    Please download and install ewido anti-spyware tool
    • Close all other applications, select language, click OK
    • Click I Agree
    • Click next
    • Click Install
    • Click Finish
    • Wait and Ewido will open to the main screen automatically.
    • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
    • This is very important to get updates
    • When updating has finished, close Ewido.
    If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
    • Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight and select the first option, to run Windows in Safe Mode, then hit Enter.
    • For additional help in booting into Safe Mode, see the following site: HERE

      You MUST manage to get into Safe Mode for the fix to work.
    Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
    • Open Ewido
    • Click on Scanner at the top of the Ewido screen
    • Click on Settings
    • Under How to Act click on Recommended Action choose Quarantine
    • Under How to scan all boxes should be selected
    • Under Possibly unwanted software all boxes should be selected
    • On right side under Reports: click on Automatically generate report after every scan.
    • Under What to scan select scan every file
    • Click On scan Tab
    • Click on Complete system scan
    • Let the program scan the machine. It can take a while, so give it time.
    • When the scan has finished, at the bottom of the screen click Apply all Actions
    • Click Save report
    • Click Save Report as (Save as window's screen should pop up.)
    • Click desktop
    • Click Save
    • Exit ewido
    Reboot back to normal mode after doing the above, rescan with hijackthis, then post that log here please.

    ==============
  • jimbo1406 Maine
    edited August 2006
    I just completed the above steps and here are the logs. How do I look?

    HJT
    Logfile of HijackThis v1.99.1
    Scan saved at 10:57:44 AM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sherdog.com/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {1D9DC81D-7DFB-2778-80FA-524047EAAE9E} - C:\WINDOWS\system32\qojm.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [1X.exe] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym.exe] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8.exe] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe
    O4 - HKLM\..\Run: [1X] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104625714295
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I don't know if you need this, but this is the Ewido log

    ewido anti-spyware - Scan Report

    + Created at: 10:52:22 AM 8/9/2006

    + Scan result:



    C:\Program Files\Microsoft AntiSpyware\Quarantine\BFE31C0A-03C7-4A75-B9A1-BFC96C\4B94A85A-4B7A-4353-B8C9-75A398 -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\BFE31C0A-03C7-4A75-B9A1-BFC96C\8D881BC7-E5A7-41D8-936F-F58F6D -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3167267F-5EE1-4800-B943-767E47\E05C04E9-0F4A-4E01-800E-000367 -> Adware.EZula : Cleaned with backup (quarantined).
    C:\Program Files\TopText\CHCON.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rυndll32.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\244CD0EE-7F52-4AEC-BF5B-A19D42 -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\6A269875-88B1-4001-A5C3-205FA5 -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B436A92A-4F6A-4CE4-8A64-30E9E4\C7A6A1CF-D673-4F1D-BA2F-CCAEAE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\Program Files\rdso\eetu.exe -> Downloader.PurityScan.at : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\libby.MOMSLAPTOP\Cookies\libby@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).


    ::Report end

    Also, do you know anything about the Norton question I asked? Can I use my PC subscription or do I have to buy a new one?
  • jimbo1406 Maine
    edited August 2006
    Help!!!!!!!!!!!!!!!!!!!!!!!!!!!11
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    jimbo1406 wrote:
    Help!!!!!!!!!!!!!!!!!!!!!!!!!!!11
    Sometimes we have to sleep :).

    Did you run Ccleaner?

    Can you please do the following.

    ===============

    Scan with HiJackThis, then check(tick) the following, if present:


    O2 - BHO: (no name) - {1D9DC81D-7DFB-2778-80FA-524047EAAE9E} - C:\WINDOWS\system32\qojm.dll (file missing)

    O4 - HKLM\..\Run: [1X.exe] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym.exe] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8.exe] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe
    O4 - HKLM\..\Run: [1X] C:\documents and settings\sophie\local settings\temp\1X.exe
    O4 - HKLM\..\Run: [wp2xym] C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    O4 - HKLM\..\Run: [OebKo25o8] C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

    files...

    C:\documents and settings\sophie\local settings\temp\1X.exe
    C:\documents and settings\sophie\local settings\temp\wp2xym.exe
    C:\documents and settings\sophie\local settings\temp\OebKo25o8.exe

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight and select the first option, to run Windows in Safe Mode, then hit Enter.

    -

    Reboot.

    ===============

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
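
The entries picked out for "Fix checked" in the two replies above share a few recognisable traits; the sketch below is an added example, not part of any post in this thread, that applies them to HijackThis lines copied from the first log. The rule names and the `triage` helper are hypothetical, the heuristics are assumptions modelled on the flagged entries, and the non-ASCII check goes slightly beyond them (it reflects the look-alike `rundll32` file name in the ewido report).

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the first HijackThis log in this thread,
# plus one CONSTRUCTED line (appended last) to exercise the non-ASCII check.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D9DC81D-7DFB-2778-80FA-524047EAAE9E} - C:\WINDOWS\system32\qojm.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [1X.exe] C:\documents and settings\sophie\local settings\temp\1X.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1772e40946375fa4ba05/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
""" + "O4 - HKLM\\..\\Run: [constructed] C:\\WINDOWS\\system32\\r\u03c5ndll32.exe\n"

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")           # e.g. "O4 - <body>"
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
TEMP_RE = re.compile(r"\\te?mp\\", re.I)                 # ...\temp\ or ...\tmp\
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<mod>[^,\s]+)', re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def triage_line(line):
    """Return (section, body, reasons) for one log line, or None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.groups()
    reasons = []
    # BHO / toolbar registrations whose file is gone (assumed rule: O2 and O3 only,
    # matching what was flagged in the thread).
    if sec in ("O2", "O3") and ORPHAN_RE.search(body):
        reasons.append("orphaned-registration")
    if sec == "O4":
        cmd = body.split("] ", 1)[-1]                    # text after "[ValueName] "
        if TEMP_RE.search(cmd):
            reasons.append("autorun-from-temp")
        rd = RUNDLL_RE.match(cmd)
        # rundll32 given a bare token: no directory and no .dll extension.
        if rd and "\\" not in rd["mod"] and not rd["mod"].lower().endswith(".dll"):
            reasons.append("rundll32-bare-module")
    if sec == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4_RE.fullmatch(host):
            reasons.append("activex-from-raw-ip")
    # Look-alike characters in a path or name (generalisation, see lead-in).
    if any(ord(ch) > 127 for ch in body):
        reasons.append("non-ascii-in-entry")
    return sec, body, reasons


def triage(log_text):
    """Return only the entries that matched at least one heuristic."""
    results = (triage_line(ln) for ln in log_text.splitlines())
    return [r for r in results if r and r[2]]


if __name__ == "__main__":
    for sec, body, reasons in triage(SAMPLE_LOG):
        print(f"{sec:<4}{', '.join(reasons):<24}{body}")
```

A match is only a prompt to look closer: the O9 "(file missing)" uninstaller entry in the same log, for instance, was not among the entries selected for fixing.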
  • jimbo1406 Maine
    edited August 2006
    Yes, I did run CCleaner. Here is the HJT log. It still seems sluggish. And when I'm surfing the web and try to scroll down, it skips real bad; I can't scroll down smoothly.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:47 PM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sherdog.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104625714295
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • jimbo1406 Maine
    edited August 2006
    Any suggestions
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    jimbo1406 wrote:
    Any suggestions
    Other times we have to work :(. In between times, we try to fit in a few hijackthis logs :D.

    I'm not seeing anything bad there now. Have you defragmented your hard drive lately? If not, then you should give that a go.
  • edited August 2006
    Alright well it was more than a little unorthodox to contact me especially since I never even posted on this thread, but I'll give it a go. What exactly is the remaining problem?
  • jmoney3457 Maine
    edited August 2006
    mtunick wrote:
    Alright well it was more than a little unorthodox to contact me especially since I never even posted on this thread, but I'll give it a go. What exactly is the remaining problem?
    Yes, he PM'd me also asking for help even though Crunchie is obviously already helping him. And jimbo, like I said in my PM, it's rather rude to PM helpers trying to seek specific attention where others have been waiting a LOT longer than you, and they don't PM; they wait patiently, as should you. :shakehead
  • jimbo1406 Maine
    edited August 2006
    I am sorry guys, I'm new to this. I should have just chilled. It won't happen again. The only problem I have is that I deleted my video controller and I don't have the driver to reinstall it. I tried to download it from the Dell website, but when I try to run it, it tells me that the "zip file is part of a multi disk set" and prompts me to insert a disk I don't have. The computer is a Dell Inspiron 5100 laptop. Again, I'm sorry, and I will patiently wait for a response. Thanks again for all the help. This laptop was a steal; I got it for 50 bucks and it was hurtin', and I knew I could come to you guys and clean it out. I just messed up and deleted the ATI control center, not knowing exactly what it was.
  • jimbo1406 Maine
    edited August 2006
    Damn, you guys are mad at me, huh... I fixed the driver problem... I got the driver from dell.com... Once again, my bad, and thanks for all the help. I'm gonna defragment and enjoy my fifty dolla laptop. Now you guys have helped me fix my free desktop and laptop. Sweeeeeeeeeeeeeeeeet
  • Crunchie Mandurah. Western Australia. Member
    edited August 2006
    Glad you got it sorted. As I said before though... sometimes we have to sleep, sometimes we have to work, in our spare time we get to look at a few logs :).
  • edited August 2006
    And for future reference, considering you have an ATI card, it would be very easy to download the driver from the ATI Technologies website.
  • jmoney3457 Maine
    edited August 2006
    I think this thread is resolved and can be locked now :)