format? or can i be helped? (HJT log file)

[iMeR]

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 4:24:27 PM, on 5/5/2005

 

 

 

Platform: Windows XP SP1 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\winlogon.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\services.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\lsass.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\svchost.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\System32\svchost.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\spoolsv.e3e (CAUTION - executable file)

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.e3e (CAUTION - executable file)

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\System32\svchost.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\Explorer.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\System32\igfxtray.e3e (CAUTION - executable file)

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\System32\wuauclt.e3e (CAUTION - executable file)

 

 

 

C:\Program Files\Mozilla Firefox\firefox.e3e (CAUTION - executable file)

 

 

 

C:\Program Files\MSN Messenger\msnmsgr.e3e (CAUTION - executable file)

 

 

 

C:\Program Files\WinRAR\WinRAR.e3e (CAUTION - executable file)

 

 

 

C:\DOCUME~1\Ben\LOCALS~1\Temp\Rar$EX00.367\HijackThis.e3e (CAUTION - executable file)

 

 

 

C:\Documents and Settings\Ben\Desktop\runescape-1.e3e (CAUTION - executable file)

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.3.56.10:8080

 

 

 

R3 - Default URLSearchHook is missing

 

 

 

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.e3e (CAUTION - executable file),

 

 

 

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

 

 

 

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (file missing)

 

 

 

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

 

 

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

 

 

 

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC43337F} - C:\WINDOWS\system32\quknvdbc.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC87872F} - C:\WINDOWS\system32\msudp32.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: jimmyhelp.CBrowserHelper - {2B04D05B-50D4-488C-B5CD-337007511109} - C:\WINDOWS\nmzfjrfx.dll

 

 

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

 

 

O2 - BHO: (no name) - {7315355C-2D13-A2B3-942C-AC4FA57B27BA} - C:\WINDOWS\Eohwqphx.dll

 

 

 

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

 

 

 

O2 - BHO: Body open - {CB4FDB5C-EBBD-D0C1-E121-7AD290312F47} - C:\PROGRA~1\SIGNMO~1\1grim.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.e3e (CAUTION - executable file)

 

 

 

O4 - HKLM\..\Run: [DeadAIM] rundll32.e3e (CAUTION - executable file) "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs

 

 

 

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.e3e (CAUTION - executable file)"

 

 

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.e3e (CAUTION - executable file) /STARTUP

 

 

 

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.e3e (CAUTION - executable file)

 

 

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

 

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

 

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

 

 

 

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.e3e (CAUTION - executable file)/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.e3e (CAUTION - executable file)

 

 

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

 

 

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

 

 

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.e3e (CAUTION - executable file)

 

 

 

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.e3e (CAUTION - executable file)

 

 

 

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.e3e (CAUTION - executable file)

 

 

 

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.e3e (CAUTION - executable file)

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.e3e (CAUTION - executable file)

 

 

 

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.e3e (CAUTION - executable file)

 

 

 

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

 

 

 

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

 

 

 

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

 

 

 

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB

 

 

 

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/toolbar/webinstall.cab

 

 

 

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2 ... sSetup.e3e (CAUTION - executable file)

 

 

 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab

 

 

 

O16 - DPF: {A3499961-A717-4C45-B08D-3D3B8B068AB5} (ADSLPlugin Class) - http://195.219.113.67/629/ADSLPlugin.cab

 

 

 

O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www.No Click-War Links Allowed.com/includes/Download_UL.cab

 

 

 

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

 

 

 

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

 

 

 

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

 

 

 

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

 

 

 

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_7.cab

 

 

 

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.33/EPlugin.cab

 

 

 

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab

 

 

 

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

 

 

 

O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.e3e (CAUTION - executable file)" --ntservice (file missing)

 

 

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.e3e (CAUTION - executable file)

 

 

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.e3e (CAUTION - executable file)

 

 

 

 

 

 

 

 

 

 

 

some people tell me just to reformat...but i dont have much time to do so....so i need more opinions

 

 

 

 

 

 

 

i dont use IE anyone...so i dont worry about all the toolbars for it

 

 

 

 

 

 

 

and i know i really need to get SP2...but im having problems installing it at this moment...im going to have one of my tech friends come over and have a look

 

 

 

 

 

 

 

if anything big...please PM me about it...instead of posting it

 

 

 

 

 

 

 

thanks in advanced

[Vape]

Download Ad-Aware SE and Spybot S&D (google for them.) Run them and ensure they are up to date. Then resart your computer and repeatedly press f8 during startup. Select "safe mode" from the list and your computer will only start the required windows processes. Then run Ad-Aware and Spybot scans. Then restart your computer and do the f8 thing again, then select safe mode with networking, go to http://www.windowsupdate.com and download all the avaliable updates.

 

 

 

 

 

 

 

Then post a new hijackthis log.

 

 

 

 

 

 

 

Btw formatting won't really help, you need to PROTECT your pc, otherwise it'll just fill up with junk again.

[iMeR]

Download Ad-Aware SE and Spybot S&D (google for them.) Run them and ensure they are up to date. Then resart your computer and repeatedly press f8 during startup. Select "safe mode" from the list and your computer will only start the required windows processes. Then run Ad-Aware and Spybot scans. Then restart your computer and do the f8 thing again, then select safe mode with networking, go to http://www.windowsupdate.com and download all the avaliable updates.

 

 

 

 

 

 

 

Then post a new hijackthis log.

 

 

 

 

 

 

 

Btw formatting won't really help, you need to PROTECT your pc, otherwise it'll just fill up with junk again.

 

 

 

 

 

 

 

thanks alot for the help...i do have spybot S&D fully updated...but when i run it...it says alot of things cant be fixed cause they are being used...so i let it run when i reboot...and it still does the same thing...hopefully doing it in safe mode will fix that problem

 

 

 

 

 

 

 

also i cant even use my IE...everytime it opens it just freezes and i get mass pop ups...except when i use it to go to windowsupdate.com...im thinking it has to do with my homepage being changed from spyware...which brings me to another problem...i dont have all the tabs in my IE options(ill post a screenie) so i cant change my homepage that way

 

 

 

 

 

 

 

i used to always use housecall to scan my comp but now that i cant use IE...it wont let me scan (i heard mozilla can use the netscape patch they had but i dont know where to extact the files)

 

 

 

 

 

 

 

ill go ahead and do what you said in safe mode...and see the results

 

 

 

 

 

 

 

thanks again :)

 

 

 

 

 

 

 

heres the screenie of my internet options menu...

 

 

 

 

 

 

 

http://img229.echo.cx/my.php?image=pic0oe.png

[zonda]

Startup in safemode to delete things that are in use.... to do this restart your computer and repeatedly hit F8 untill you come to a screen asking which method you would like to use to start up. Use the up and down arrows to seoect "safe mode" and then hit enter. When it asks you which accout you would like to use, choose the administrator

 

 

 

 

 

 

 

Now rescan with adaware and spybot to get rid of all those nasties

[iMeR]

i scanned with a few programs....here are the new results

 

 

 

 

 

 

 

hope its better :\

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 8:28:21 PM, on 5/8/2005

 

 

 

Platform: Windows XP SP1 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger Plus! 2\MsgPlus[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\Ben\LOCALS~1\Temp\Rar$EX00.761\HijackThis[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\notepad[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.3.56.10:8080

 

 

 

R3 - Default URLSearchHook is missing

 

 

 

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit[Caution: ExecutableFile]

 

 

 

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (file missing)

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC43337F} - C:\WINDOWS\system32\quknvdbc.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC87872F} - C:\WINDOWS\system32\msudp32.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

 

 

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

 

 

 

O2 - BHO: Body open - {CB4FDB5C-EBBD-D0C1-E121-7AD290312F47} - C:\PROGRA~1\SIGNMO~1\1grim.dll__SpybotSDDisabled (file missing)

 

 

 

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (file missing)

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [DeadAIM] rundll32[Caution: ExecutableFile] "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs

 

 

 

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

 

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

 

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

 

 

 

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

 

 

 

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim[Caution: ExecutableFile]

 

 

 

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]

 

 

 

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

 

 

 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

 

 

 

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

 

 

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

[Vape]

Rightio then Ben, first of all we've got to put hijackthis in its own directory so it'll create backups incase we mess something up:P Move the exe file to C:\Program Files\Hijackthis or similar.

 

 

 

 

 

 

 

Now, what happens when you try to go to windowsupdate.com? :-?

 

 

 

 

 

 

 

Okay it looks like you're using Flashget, which from a little googling appears to be a download manager, but it also contains spyware! I suggest uninstalling it via add/remove programs and finding yourself a new download manager. If you really do insist on using Flashget, it may be possible to delete the spyware without affecting it, but you should be aware that this is probably against flashget's terms of use... anyway... once you've moved hijackthis to it's new location run it and fix the following entries:

 

 

 

 

 

 

 

R3 - Default URLSearchHook is missing

 

 

 

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (file missing)

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC43337F} - C:\WINDOWS\system32\quknvdbc.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC87872F} - C:\WINDOWS\system32\msudp32.dll__SpybotSDDisabled (file missing)

 

 

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

 

 

 

O2 - BHO: Body open - {CB4FDB5C-EBBD-D0C1-E121-7AD290312F47} - C:\PROGRA~1\SIGNMO~1\1grim.dll__SpybotSDDisabled (file missing)

 

 

 

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (file missing)

 

 

 

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

 

 

 

 

 

 

 

Then restart your pc and post a new log.

[zonda]

If you want another download manager, search download.com for "aligators"

 

 

 

 

 

 

 

It works for me and is great. You can pause and restart downloads and well... manage your downloads. Might wanna give it a try :wink: