kRaZyPsYkO

Members
  • Content Count

    16
  • Joined

  • Last visited

About kRaZyPsYkO

  • Rank
    Member
  1. Logfile of HijackThis v1.99.1 Scan saved at 12:44:26 PM, on 2/26/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Internet Explorer\iexplore.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe It stopped screwing with my default page, so Im ok now. But, my CD drive still wont read CDs and I know it isnt the CD drive itself.
  2. Good God... I have MORE spyware and now they're f***ing with my computer even worse. My default page has been changed, and SpySweeper is going insane with alerts to change it back. I can't stand this. I may just have to call an expert in here to fix this. It's getting worse each day. Oh, and I can't get those sites to open, ActiveX isn't working. This is ridiculous.
  3. Tons. I can't install a lot of things, like, the install option will show up, I'll choose it, and nothing will happen. The box just won't come up. It's getting REALLY annoying, and I just want this crap off my computer. Is there anyway to just go into the system32 file, and delete these? Or...would that just mess me up even more? I hate this
  4. I already had it, so I scanned again. Deleted one problem called DS Exploit, which goes through IE. Here's the HJT log: Logfile of HijackThis v1.99.0 Scan saved at 3:15:00 PM, on 2/6/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
  5. Nope, it just closes the install wizard, after it goes through all the steps of where to put it and such. It sucks.
  6. I can't install it, the virus must be interfering or something.
  7. BTW, I went back to that Kaspersky Lab site, and decided to enter the infected files I stated in my first post: C:\WINNT\System32\mac80ex.idf And it brought up this: mac80ex.idf/C:/WINNT/System32/vx1.nls - OK mac80ex.idf/C:/WINNT/System32/vx1x.nls - OK mac80ex.idfC:/WINNT/System32/msbe.dll - infected by not-a-virus:AdWare.BargainBuddy.l mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0001 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0002 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0003 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0004 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0005 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0006 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream/data0007 - OK mac80ex.idfC:/Program Files/BullsEye Network/Uninstall.exe/stream - OK mac80ex.idf/C:/Program Files/BullsEye Network/Uninstall.exe - OK ~s/BullsEye Network/bin/bargains.exe - infected by not-a-virus:AdWare.BargainBuddy.n ~ Files/BullsEye Network/bin/adv.exe - infected by not-a-virus:AdWare.BargainBuddy.n ~ Files/BullsEye Network/bin/adx.exe - infected by not-a-virus:AdWare.BargainBuddy.n And for the second one: C:\WINNT\System32\netut80ex.vxd It brought up this: netut80ex.vxd/C:/WINNT/System32/vx0.nls - OK netut80ex.vxdC:/WINNT/System32/exdl.exe - infected by not-a-virus:AdWare.BargainBuddy.n netut80ex.vxdC:/WINNT/System32/mqexdlm.srg - infected by not-a-virus:AdWare.BargainBuddy.n netut80ex.vxdC:/WINNT/System32/exul.exe - infected by not-a-virus:AdWare.BargainBuddy.q netut80ex.vxdC:/WINNT/System32/javexulm.vxd - infected by not-a-virus:AdWare.BargainBuddy.q netut80ex.vxd/C:/WINNT/System32/bbchk.exe - OK netut80ex.vxd/C:/WINNT/System32/msexreg.exe - OK ~/WINNT/System32/instsrv.exe - infected by not-a-virus:RiskWare.Tool.ServiceRunner.f netut80ex.vxd/C:/WINNT/System32/exclean.exe/stream - OK netut80ex.vxd/C:/WINNT/System32/exclean.exe - OK netut80ex.vxd/C:/WINNT/System32/basexinfo.txt - OK The mac80ex one seems like I can uninstall it if you look at what was scanned. I'm not going to do it until recommended by one of you 'professionals' ;D. So, please do let me know what I should do about these ones, and maybe what I did was smart Let me know
  8. Ok, that website said I was clean, so I guess that file is fine. Here's the log before I deleted those things: Logfile of HijackThis v1.99.0 Scan saved at 10:42:04 PM, on 1/23/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.120.88.*;3.120.92.*;3.120.96.*;3.120.196.*;3.120.252.*;3.58.248.*;*.capital.ge .com;localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing) --------------------------------------------------------------------------------------------------------- And after: Logfile of HijackThis v1.99.0 Scan saved at 10:59:18 PM, on 1/23/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe -------------------------------------------------------------------------------------------------------------- Hope that did something Thanks again
  9. O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present I bought my computer from General Electric, my aunt's company, so they probably had restrictions on Internet Explorer so that the employees wouldn't fool around when they should be working or so the employees could cover their tracks when they were fooling around. Anyways, I'm in the process of doing what you said. Thanks a lot for the help.
  10. The instructions are fine, whatever you need to figure it out Im willing to do. Here's the new HiJackThis log. ------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.0 Scan saved at 8:21:49 AM, on 1/21/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINNT\System32\MsiExec.exe D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.120.88.*;3.120.92.*;3.120.96.*;3.120.196.*;3.120.252.*;3.58.248.*;*.capital.ge .com;localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing) ------------------------------------------------------------------------------------------------------ Anyways, Hope that's enough.
  11. Scanned again, Here's the newer log file. ------------------------------------------------------------------------------------------------ Ad-Aware SE Build 1.05 Logfile Created on:Thursday, January 20, 2005 11:06:27 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R25 11.01.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):23 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 1-20-2005 11:06:27 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\office\9.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-1497578746-523591631-1555591014-500\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : D:\Documents and Settings\Administrator\recent Description : list of recently opened documents MRU List Object Recognized! Location: : D:\Documents and Settings\Administrator\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 160 ThreadCreationTime : 1-20-2005 7:03:22 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 184 ThreadCreationTime : 1-20-2005 7:03:31 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINNT\SYSTEM32\ ProcessID : 204 ThreadCreationTime : 1-20-2005 7:03:33 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINNT\system32\ ProcessID : 232 ThreadCreationTime : 1-20-2005 7:03:34 PM BasePriority : Normal FileVersion : 5.00.2195.2780 ProductVersion : 5.00.2195.2780 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINNT\system32\ ProcessID : 244 ThreadCreationTime : 1-20-2005 7:03:34 PM BasePriority : Normal FileVersion : 5.00.2195.2964 ProductVersion : 5.00.2195.2964 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : LSA Executable and Server DLL (Export Version) InternalName : lsasrv.dll and lsass.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : lsasrv.dll and lsass.exe #:6 [svchost.exe] FilePath : C:\WINNT\system32\ ProcessID : 408 ThreadCreationTime : 1-20-2005 7:03:38 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:7 [spoolsv.exe] FilePath : C:\WINNT\system32\ ProcessID : 456 ThreadCreationTime : 1-20-2005 7:03:40 PM BasePriority : Normal FileVersion : 5.00.2161.1 ProductVersion : 5.00.2161.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolss.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : spoolss.exe #:8 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 492 ThreadCreationTime : 1-20-2005 7:03:43 PM BasePriority : Normal FileVersion : 7,1,0,299 ProductVersion : 7.1.0.299 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:9 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 524 ThreadCreationTime : 1-20-2005 7:03:45 PM BasePriority : Normal FileVersion : 7,1,0,285 ProductVersion : 7.1.0.285 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:10 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 544 ThreadCreationTime : 1-20-2005 7:03:45 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:11 [ewidoctrl.exe] FilePath : C:\Program Files\ewido\security suite\ ProcessID : 560 ThreadCreationTime : 1-20-2005 7:03:45 PM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:12 [regsvc.exe] FilePath : C:\WINNT\system32\ ProcessID : 620 ThreadCreationTime : 1-20-2005 7:03:47 PM BasePriority : Normal FileVersion : 5.00.2195.2104 ProductVersion : 5.00.2195.2104 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Remote Registry Service InternalName : regsvc LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : REGSVC.EXE #:13 [mstask.exe] FilePath : C:\WINNT\system32\ ProcessID : 636 ThreadCreationTime : 1-20-2005 7:03:48 PM BasePriority : Normal FileVersion : 4.71.2195.1 ProductVersion : 4.71.2195.1 ProductName : Microsoft® Windows® Task Scheduler CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler LegalCopyright : Copyright © Microsoft Corp. 1997 OriginalFilename : mstask.exe #:14 [vsmon.exe] FilePath : C:\WINNT\system32\ZoneLabs\ ProcessID : 704 ThreadCreationTime : 1-20-2005 7:03:49 PM BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : TrueVector Service CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : vsmon.exe #:15 [winmgmt.exe] FilePath : C:\WINNT\System32\WBEM\ ProcessID : 828 ThreadCreationTime : 1-20-2005 7:04:03 PM BasePriority : Normal FileVersion : 1.50.1085.0029 ProductVersion : 1.50.1085.0029 ProductName : Windows Management Instrumentation CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT LegalCopyright : Copyright © Microsoft Corp. 1995-1999 #:16 [mspmspsv.exe] FilePath : C:\WINNT\System32\ ProcessID : 848 ThreadCreationTime : 1-20-2005 7:04:05 PM BasePriority : Normal FileVersion : 7.01.00.3055 ProductVersion : 7.01.00.3055 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:17 [explorer.exe] FilePath : C:\WINNT\ ProcessID : 960 ThreadCreationTime : 1-20-2005 7:04:14 PM BasePriority : Normal FileVersion : 5.00.3315.2846 ProductVersion : 5.00.3315.2846 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : EXPLORER.EXE #:18 [hkcmd.exe] FilePath : C:\WINNT\System32\ ProcessID : 1068 ThreadCreationTime : 1-20-2005 7:04:29 PM BasePriority : Normal FileVersion : 3,0,0,1517 ProductVersion : 7,0,0,1517 ProductName : Intel® Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2001, Intel Corporation OriginalFilename : HKCMD.EXE #:19 [zlclient.exe] FilePath : C:\Program Files\Zone Labs\ZoneAlarm\ ProcessID : 1084 ThreadCreationTime : 1-20-2005 7:04:29 PM BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : Zone Labs Client CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : zlclient.exe #:20 [loadqm.exe] FilePath : C:\WINNT\ ProcessID : 1096 ThreadCreationTime : 1-20-2005 7:04:29 PM BasePriority : Normal FileVersion : 5.4.1103.3 ProductVersion : 5.4.1103.3 ProductName : QMgr Loader CompanyName : Microsoft Corporation FileDescription : Microsoft QMgr InternalName : LOADQM.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : LOADQM.EXE #:21 [winampa.exe] FilePath : C:\Program Files\Winamp\ ProcessID : 1108 ThreadCreationTime : 1-20-2005 7:04:30 PM BasePriority : Normal #:22 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1120 ThreadCreationTime : 1-20-2005 7:04:30 PM BasePriority : Normal FileVersion : 7,1,0,298 ProductVersion : 7.1.0.298 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE #:23 [msnappau.exe] FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\ ProcessID : 316 ThreadCreationTime : 1-20-2005 7:04:31 PM BasePriority : Normal #:24 [internat.exe] FilePath : C:\WINNT\System32\ ProcessID : 1128 ThreadCreationTime : 1-20-2005 7:04:31 PM BasePriority : Normal FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Keyboard Language Indicator Applet InternalName : INTERNAT LegalCopyright : Copyright © Microsoft Corp. 1994-1999 OriginalFilename : INTERNAT.EXE #:25 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 1136 ThreadCreationTime : 1-20-2005 7:04:32 PM BasePriority : Normal FileVersion : 6.2.0137 ProductVersion : Version 6.2 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:26 [em_exec.exe] FilePath : C:\Program Files\Logitech\MouseWare\system\ ProcessID : 1148 ThreadCreationTime : 1-20-2005 7:04:33 PM BasePriority : Normal FileVersion : 9.80.019 ProductVersion : 9.80.019 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : © 1987-2004 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:27 [backweb-8876480.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ ProcessID : 1184 ThreadCreationTime : 1-20-2005 7:04:35 PM BasePriority : Normal #:28 [spysweeper.exe] FilePath : C:\Program Files\Webroot\Spy Sweeper\ ProcessID : 1216 ThreadCreationTime : 1-20-2005 7:04:36 PM BasePriority : Normal FileVersion : 3.0.0.129 ProductVersion : 3.0i ProductName : Spy Sweeper CompanyName : Webroot Software, Inc. FileDescription : Spy Sweeper LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc. LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc. #:29 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1468 ThreadCreationTime : 1-21-2005 4:05:50 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Scanning Hosts file...... Hosts file location:"C:\WINNT\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 710 entries scanned. New critical objects:0 Objects found so far: 23 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 11:08:13 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:46.142 Objects scanned:58040 Objects identified:0 Objects ignored:0 New critical objects:0 ------------------------------------------------------------------------------------------------ There you go :\ Thanks
  12. Ok, Got it. Here's the log: Logfile of HijackThis v1.99.0 Scan saved at 9:53:13 PM, on 1/20/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.120.88.*;3.120.92.*;3.120.96.*;3.120.196.*;3.120.252.*;3.58.248.*;*.capital.ge .com;localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing) Hope you can do it again :\
  13. Thanks a lot. I'm really glad you're helping me. Thanks again!
  14. I got HijackThis, and I have a log in the HijackThis Log Board, so check it out, and let me know what's up. I really appreciate it.
  15. POST HAS BEEN MERGED Logfile of HijackThis v1.99.0 Scan saved at 10:24:29 PM, on 1/19/2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\hkcmd.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Ares\Ares.exe D:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Capital Canada R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.120.88.*;3.120.92.*;3.120.96.*;3.120.196.*;3.120.252.*;3.58.248.*;*.capital.ge .com;localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYS O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing) Hope you can help me! Thanks