
aurora and other spyware problem XP home hijackthis included


I have Win XP Home.

I have ZoneAlarm Security Suite.

I also have loads of spyware which I suddenly got yesterday while I just left my computer on for 30 mins to play Xbox Live. :twisted: :twisted: :twisted: :twisted: :twisted:

I have tried the latest version of Ad-Aware; it removed something but doesn't seem to have done anything...

Here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:55:41, on 10/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
C:\WINDOWS\System32\mappc[Caution: ExecutableFile]
C:\WINDOWS\System32\telcom[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\g9ue1gr3[Caution: ExecutableFile]
C:\WINDOWS\System32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\Program Files\BT Yahoo\BT Yahoo Help\bin\mpbtn[Caution: ExecutableFile]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\System32\hgloehn[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer[Caution: ExecutableFile] C:\WINDOWS\Nail[Caution: ExecutableFile]
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]" /icon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile] /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch[Caution: ExecutableFile]
O4 - HKLM\..\Run: [g9ue1gr3] C:\WINDOWS\System32\g9ue1gr3[Caution: ExecutableFile]
O4 - HKLM\..\Run: [oljiiv] C:\WINDOWS\System32\hgloehn[Caution: ExecutableFile] r
O4 - HKLM\..\RunServices: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\System32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O9 - Extra button: Homepage - {70EBE42D-070E-4D0B-9F5E-FF75F48CDB9C} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {DD74C8BD-9AC1-49C4-BCC8-F5FF98789D12} - http://www.bt.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/min ... Loader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - ]http://appldnld.m7z.net/content.info.ap ... sSetup[Caution: ExecutableFile]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29976192984 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7445187124
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C23615E-8A40-4910-AFC5-54990356D975}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1[Caution: ExecutableFile]

Thank you in advance.

Well, you have an infection because you have neglected to keep your Windows up to date.

The current version of Internet Explorer is 6.00.2800.1106 on Windows XP Service Pack 2. You are running XP Standard on IE 6.00.2600.0000.

It's likely that maybe your computer is being exploited to send spam.

Press Ctrl + Alt + Delete and end the following processes:

C:\WINDOWS\System32\g9ue1gr3[Caution: ExecutableFile]
C:\WINDOWS\System32\hgloehn[Caution: ExecutableFile]

Then tick the box next to the following items and "fix":

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer[Caution: ExecutableFile] C:\WINDOWS\Nail[Caution: ExecutableFile]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch[Caution: ExecutableFile]
O4 - HKLM\..\Run: [g9ue1gr3] C:\WINDOWS\System32\g9ue1gr3[Caution: ExecutableFile]
O4 - HKLM\..\Run: [oljiiv] C:\WINDOWS\System32\hgloehn[Caution: ExecutableFile] r
O9 - Extra button: Homepage - {70EBE42D-070E-4D0B-9F5E-FF75F48CDB9C} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {DD74C8BD-9AC1-49C4-BCC8-F5FF98789D12} - http://www.bt.com (file missing) (HKCU)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]

Fix those, restart and post a fresh log.

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

  • Author

Logfile of HijackThis v1.99.1
Scan saved at 10:22:13, on 10/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
C:\WINDOWS\System32\mappc[Caution: ExecutableFile]
C:\WINDOWS\System32\telcom[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\Program Files\BT Yahoo\BT Yahoo Help\bin\mpbtn[Caution: ExecutableFile]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm[Caution: ExecutableFile]
C:\WINDOWS\System32\kmllspu[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]" /icon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile] /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKLM\..\Run: [bacnmcv] C:\WINDOWS\System32\kmllspu[Caution: ExecutableFile] r
O4 - HKLM\..\RunServices: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\System32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/min ... Loader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - ]http://appldnld.m7z.net/content.info.ap ... sSetup[Caution: ExecutableFile]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29976192984 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7445187124
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C23615E-8A40-4910-AFC5-54990356D975}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1[Caution: ExecutableFile]

^^ There's the new log.

I'll go and update my Windows now. Also, what's that "telcom" entry that's started popping up in my ZASS connecting to internet type thingy box since the spyware started?

Thanks.

You haven't removed everything I asked you to. Can you do that please before posting a new log?
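The comparison behind a reply like the one above, as an added example that is not part of the original thread: it parses two HijackThis scans, lists the requested fixes that still appear in the follow-up, and pairs autoruns that vanished with new ones registered from the same folder with the same arguments. The sample lines are excerpts copied from the thread's first two logs; treating `[Caution: ExecutableFile]` as the forum's rewrite of `.exe` and the "same shape" pairing rule are assumptions of this example.

```python
import re

# Assumption: the forum's word filter rewrote ".exe" as this tag; undo it first.
FILTER_TAG = "[Caution: ExecutableFile]"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(
    r'^(?P<key>HK(?:LM|CU)\\\.\.\\Run(?:Services)?): \[(?P<name>.+?)\] '
    r'"?(?P<path>.+?\.exe)"?\s*(?P<args>.*)$', re.IGNORECASE)

# Lines the helper asked to have fixed, copied from the thread (subset).
REQUESTED_FIXES = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer[Caution: ExecutableFile] C:\WINDOWS\Nail[Caution: ExecutableFile]
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch[Caution: ExecutableFile]
O4 - HKLM\..\Run: [g9ue1gr3] C:\WINDOWS\System32\g9ue1gr3[Caution: ExecutableFile]
O4 - HKLM\..\Run: [oljiiv] C:\WINDOWS\System32\hgloehn[Caution: ExecutableFile] r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]
"""

# Constructed excerpts: a few lines taken from the first and second logs.
FIRST_LOG = REQUESTED_FIXES + r"""
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
"""
SECOND_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [bacnmcv] C:\WINDOWS\System32\kmllspu[Caution: ExecutableFile] r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]
"""


def parse_entries(log_text):
    """Return [(section, detail)] for the R/F/O lines; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip().replace(FILTER_TAG, ".exe"))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def still_present(requested, followup):
    """Requested fixes that appear unchanged in the follow-up scan."""
    seen = set(followup)
    return [entry for entry in requested if entry in seen]


def autorun_shape(detail):
    """Reduce a Run/RunServices entry to (key, folder, arguments), ignoring value and file names."""
    m = RUN_RE.match(detail)
    if not m:
        return None
    folder = m.group("path").rpartition("\\")[0].lower()
    return (m.group("key").upper(), folder, m.group("args").strip())


def renamed_autoruns(before, after):
    """Pair autoruns that vanished with new ones of the same shape (possibly re-registered)."""
    gone = [d for s, d in before if s == "O4" and (s, d) not in after]
    fresh = [d for s, d in after if s == "O4" and (s, d) not in before]
    pairs = []
    for old in gone:
        shape = autorun_shape(old)
        if shape is None:
            continue
        pairs.extend((old, new) for new in fresh if autorun_shape(new) == shape)
    return pairs


if __name__ == "__main__":
    requested = parse_entries(REQUESTED_FIXES)
    first, second = parse_entries(FIRST_LOG), parse_entries(SECOND_LOG)
    for section, detail in still_present(requested, second):
        print("still present:", section, "-", detail)
    for old, new in renamed_autoruns(first, second):
        print("same shape, new name:", old, "->", new)
```

On these excerpts the SvcProc service is reported as still present, and the `[oljiiv]` autorun is paired with `[bacnmcv]`, which shares its folder and its `r` argument.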


  • Author

Logfile of HijackThis v1.99.1
Scan saved at 11:15:55, on 10/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\lqpuuz[Caution: ExecutableFile]
C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]
C:\WINDOWS\System32\msiexec[Caution: ExecutableFile]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
C:\WINDOWS\system32\mappc[Caution: ExecutableFile]
C:\WINDOWS\system32\telcom[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\Program Files\BT Yahoo\BT Yahoo Help\bin\mpbtn[Caution: ExecutableFile]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm[Caution: ExecutableFile]
C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]" /icon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile] /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKLM\..\Run: [xkyake] C:\WINDOWS\system32\lqpuuz[Caution: ExecutableFile] r
O4 - HKLM\..\RunServices: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/min ... Loader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - ]http://appldnld.m7z.net/content.info.ap ... sSetup[Caution: ExecutableFile]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29976192984 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7445187124
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C23615E-8A40-4910-AFC5-54990356D975}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1[Caution: ExecutableFile]
There's the new log. The one highlighted in red won't go away, and now I've downloaded and installed SP2 from windowsupdate.com

  • Author

Hmmm, do you have any idea why it won't let me remove that svc thing?


Try this

http://www.mypctuneup.com/evaluate.php

Don't download and run anything else from that site except the removal tool.


Mercifull <3 Suzi


  • Author

Logfile of HijackThis v1.99.1
Scan saved at 17:17:11, on 10/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\system32\mappc[Caution: ExecutableFile]
C:\WINDOWS\system32\telcom[Caution: ExecutableFile]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]
C:\Program Files\BT Yahoo\BT Yahoo Help\bin\mpbtn[Caution: ExecutableFile]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Documents and Settings\Tom\Desktop\hijackthis\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag[Caution: ExecutableFile]" /icon
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile] /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile] -quiet
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Application Center] mappc[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Microsoft Telecom Center] telcom[Caution: ExecutableFile]
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/min ... Loader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - ]http://appldnld.m7z.net/content.info.ap ... sSetup[Caution: ExecutableFile]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29976192984 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7445187124
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C23615E-8A40-4910-AFC5-54990356D975}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1[Caution: ExecutableFile]

I think it's gone, but I'm not sure if Aurora has gone. I think I'll run Ad-Aware again.

Thanks for telling me about that website also.
