crazyman Posted July 26, 2006 Share Posted July 26, 2006 i need good help i virus scanned my computer so many times, I defregmented it.........still no better tryed system restore it not help so i thk it might be adware/spyware i got dial up so i cant download big files and was wonderin if anyone knows a good(safe!) spyware remove thing? :-k *found 200 pieces of spyware* but still the same please it been like this for about a week and is really annoying i have to restart my computer every like 20 mins to keep me from gettin 2 flustrated and doin somthing bad O:) My computer is windows XP Dell Dimension DIM3000 Intel® Celeron® CPU 2.66GHz 2.66 GHz,512 MB Of Ram Link to comment Share on other sites More sharing options...
Chris Posted July 26, 2006 Share Posted July 26, 2006 Adaware SE Personal Spybot Search & Destroy 1.4 Update both, on a 56K I reckon it'd still take about an hour to get everything downloaded and updated. It can't be helped. Do a scan with both and remove what they say. Download HijackThis and post your log file, DO NOT REMOVE EVERYTHING IT PICKS UP. Someone on here will help you with what to remove. Notoriously Trollish. Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 kk Ty i almost have spybot downloaded(found it before i made the topic) i download the the rest then...i updated my message with some system info Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 hijackthis link does not work Link to comment Share on other sites More sharing options...
blade995 Posted July 26, 2006 Share Posted July 26, 2006 hijackthis link does not work Here you go :) http://www.spywareinfo.com/~merijn/downloads.html Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 ok i downloaded HIJackThis and heres the log: Logfile of HijackThis v1.99.1 Scan saved at 01:48:24, on 26/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\Program Files\Dell Support\DSAgnt[Caution: Executable File] C:\Program Files\WinZip\WZQKPICK[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\Documents and Settings\Kevin\Desktop\spybotsd14[Caution: Executable File] C:\DOCUME~1\Kevin\LOCALS~1\Temp\is-EFFPR.tmp\is-7H7V7.tmp C:\Documents and Settings\Kevin\Desktop\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: Executable File] -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: Executable File]" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot[Caution: Executable File]" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA1D1C4-962E-415D-87EA-107331F83F1D}: NameServer = 213.94.190.235 213.94.190.195 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms[Caution: Executable File] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 ok so there was another thing i downloaded when i was downladin hijackthis i created a report RUN: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] RUN: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] RUN: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File] RUN: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" RUN: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] RUN: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: Executable File] -startup RUN: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start RUN: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: Executable File]" RUN: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 RUN: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP RUN: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] RUN: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] RUN: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] RUN: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] RUN: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot[Caution: Executable File]" RUN: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]" /startup RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background **** Browser Helper Objects **** BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll BHO: [DriveLetterAccess] C:\WINDOWS\system32\dla\tfswshx.dll BHO: [sSVHelper Class] C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar2.dll **** IE Toolbars **** TOOLBAR: [&Google] c:\program files\google\googletoolbar2.dll **** IE Extensions **** IEExt: [] IEExt: [Messenger] C:\Program Files\Messenger\msmsgs[Caution: Executable File] **** Hosts File Entries **** HOSTS: 127.0.0.1 localhost HOSTS: 127.0.0.1 localhost **** IE Settings **** Default Page: http://www.euro.dell.com/ Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch Local Page: C:\WINDOWS\system32\blank.htm Search Page: http://www.microsoft.com/isapi/redir.dl ... r=iesearch **** IE Context Menu (Right click) **** **** Layered Service Providers **** LSP: MSAFD Tcpip [TCP/IP] LSP: MSAFD Tcpip [uDP/IP] LSP: RSVP UDP Service Provider LSP: RSVP TCP Service Provider LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED128D97-B254-463C-B52B-63D8855C16F4}] SEQPACKET 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED128D97-B254-463C-B52B-63D8855C16F4}] DATAGRAM 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38EF3365-07A8-4FB1-B605-1B4D6A77CE65}] SEQPACKET 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38EF3365-07A8-4FB1-B605-1B4D6A77CE65}] DATAGRAM 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCA1D1C4-962E-415D-87EA-107331F83F1D}] SEQPACKET 4 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CCA1D1C4-962E-415D-87EA-107331F83F1D}] DATAGRAM 4 **** Blocked Control Panel Items **** BLOCKED: [ncpa.cpl] No BLOCKED: [odbccp32.cpl] No **** Downloaded Program Files **** {8AD9C840-044E-11D1-B3E9-00805F499D93} [http] {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [http] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [http] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http] **** Windows Services **** [Alerter] %SystemRoot%\system32\svchost[Caution: Executable File] -k LocalService [ALG] %SystemRoot%\System32\alg[Caution: Executable File] [AppMgmt] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state[Caution: Executable File] [AudioSrv] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [Avg7Alrt] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] [Avg7UpdSvc] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] [bITS] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [browser] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [CiSvc] %SystemRoot%\system32\cisvc[Caution: Executable File] [ClipSrv] %SystemRoot%\system32\clipsrv[Caution: Executable File] [COMSysApp] C:\WINDOWS\system32\dllhost[Caution: Executable File] /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [CryptSvc] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch [Dhcp] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [dlbt_device] C:\WINDOWS\system32\dlbtcoms[Caution: Executable File] -service [dmadmin] %SystemRoot%\System32\dmadmin[Caution: Executable File] /com [dmserver] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [Dnscache] %SystemRoot%\system32\svchost[Caution: Executable File] -k NetworkService [ERSvc] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [Eventlog] %SystemRoot%\system32\services[Caution: Executable File] [EventSystem] C:\WINDOWS\system32\svchost[Caution: Executable File] -k netsvcs [FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [Fax] %systemroot%\system32\fxssvc[Caution: Executable File] [helpsvc] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [HidServ] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [HTTPFilter] %SystemRoot%\System32\svchost[Caution: Executable File] -k HTTPFilter [iDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]" [imapiService] C:\WINDOWS\system32\imapi[Caution: Executable File] [lanmanserver] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [lanmanworkstation] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [LmHosts] %SystemRoot%\system32\svchost[Caution: Executable File] -k LocalService [Messenger] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [mnmsrvc] C:\WINDOWS\system32\mnmsrvc[Caution: Executable File] [MSDTC] C:\WINDOWS\system32\msdtc[Caution: Executable File] [MSIServer] C:\WINDOWS\system32\msiexec[Caution: Executable File] /V [NetDDE] %SystemRoot%\system32\netdde[Caution: Executable File] [NetDDEdsdm] %SystemRoot%\system32\netdde[Caution: Executable File] [Netlogon] %SystemRoot%\system32\lsass[Caution: Executable File] [Netman] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [NetSvc] C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] [Nla] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [NtLmSsp] %SystemRoot%\system32\lsass[Caution: Executable File] [NtmsSvc] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [PlugPlay] %SystemRoot%\system32\services[Caution: Executable File] [PolicyAgent] %SystemRoot%\system32\lsass[Caution: Executable File] [ProtectedStorage] %SystemRoot%\system32\lsass[Caution: Executable File] [RasAuto] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [RasMan] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [RDSessMgr] C:\WINDOWS\system32\sessmgr[Caution: Executable File] [RemoteAccess] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [RpcLocator] %SystemRoot%\system32\locator[Caution: Executable File] [RpcSs] %SystemRoot%\system32\svchost -k rpcss [RSVP] %SystemRoot%\system32\rsvp[Caution: Executable File] [samSs] %SystemRoot%\system32\lsass[Caution: Executable File] [sCardSvr] %SystemRoot%\System32\SCardSvr[Caution: Executable File] [schedule] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [seclogon] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [sENS] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [sharedAccess] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [shellHWDetection] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [spooler] %SystemRoot%\system32\spoolsv[Caution: Executable File] [srservice] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [sSDPSRV] %SystemRoot%\system32\svchost[Caution: Executable File] -k LocalService [stisvc] %SystemRoot%\system32\svchost[Caution: Executable File] -k imgsvc [swPrv] C:\WINDOWS\system32\dllhost[Caution: Executable File] /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} [sysmonLog] %SystemRoot%\system32\smlogsvc[Caution: Executable File] [TapiSrv] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [TermService] %SystemRoot%\System32\svchost -k DComLaunch [Themes] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [TrkWks] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [upnphost] %SystemRoot%\system32\svchost[Caution: Executable File] -k LocalService [uPS] %SystemRoot%\System32\ups[Caution: Executable File] [VSS] %SystemRoot%\System32\vssvc[Caution: Executable File] [w32time] %SystemRoot%\system32\svchost[Caution: Executable File] -k netsvcs [WebClient] %SystemRoot%\system32\svchost[Caution: Executable File] -k LocalService [winmgmt] %systemroot%\system32\svchost[Caution: Executable File] -k netsvcs [WmdmPmSN] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv[Caution: Executable File] [wscsvc] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [wuauserv] %systemroot%\system32\svchost[Caution: Executable File] -k netsvcs [WZCSVC] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs [xmlprov] %SystemRoot%\System32\svchost[Caution: Executable File] -k netsvcs **** Custom IE Search Items **** SEARCH: [searchAssistant] http://www.google.com/ie SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm **** Complete IE Options **** IEOPT: [NoUpdateCheck] IEOPT: [NoJITSetup] IEOPT: [Disable Script Debugger] yes IEOPT: [show_ChannelBand] No IEOPT: [Anchor Underline] yes IEOPT: [Cache_Update_Frequency] Once_Per_Session IEOPT: [Display Inline Images] yes IEOPT: [Do404Search] IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm IEOPT: [save_Session_History_On_Exit] no IEOPT: [show_FullURL] no IEOPT: [show_StatusBar] yes IEOPT: [show_ToolBar] yes IEOPT: [show_URLinStatusBar] yes IEOPT: [show_URLToolBar] yes IEOPT: [start Page] http://home.eircom.net/ IEOPT: [use_DlgBox_Colors] yes IEOPT: [search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch IEOPT: [Default_Page_URL] http://www.euro.dell.com/ IEOPT: [Window_Placement] , IEOPT: [use FormSuggest] no IEOPT: [AddToFavoritesExpanded] IEOPT: [NotifyDownloadComplete] yes IEOPT: [FullScreen] no IEOPT: [use Search Asst] no IEOPT: [Default_Page_URL] http://www.euro.dell.com/ IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch IEOPT: [search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch IEOPT: [Enable_Disk_Cache] yes IEOPT: [Cache_Percent_of_Disk] IEOPT: [Delete_Temp_Files_On_Exit] yes IEOPT: [Local Page] %SystemRoot%\system32\blank.htm IEOPT: [Anchor_Visitation_Horizon] IEOPT: [use_Async_DNS] yes IEOPT: [Placeholder_Width] IEOPT: [Placeholder_Height] IEOPT: [start Page] http://www.euro.dell.com/ IEOPT: [CompanyName] Microsoft Corporation IEOPT: [Custom_Key] MICROSO IEOPT: [Wizard_Version] 6.0.2600.0000 IEOPT: [FullScreen] no IEOPT: [use_DlgBox_Colors] yes for that aswell dont know if it is any use Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 everything is installed and updated(well almost all updated) what next? Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 ok i gota go 2 bed,thanks for the help these things found stuff Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 ok this a log after i removed all the spyware i could find Logfile of HijackThis v1.99.1 Scan saved at 10:38:04, on 26/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: Executable File] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\Program Files\Dell Support\DSAgnt[Caution: Executable File] C:\Program Files\WinZip\WZQKPICK[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\WINDOWS\system32\igfxsrvc[Caution: Executable File] C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File] C:\Documents and Settings\Kevin\Desktop\My Anti Virus and spyware stuff\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: Executable File] -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: Executable File]" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: Executable File]" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA1D1C4-962E-415D-87EA-107331F83F1D}: NameServer = 213.94.190.235 213.94.190.195 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms[Caution: Executable File] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 anyone help? Link to comment Share on other sites More sharing options...
Sinkhan Posted July 26, 2006 Share Posted July 26, 2006 Go to http://www.hijackthis.de to check out the processes. As for spyware, try out MS Defender Beta 2 from the Microsoft website. Also, you might want to try http://www.pctools.com/registry-mechanic/. There's a shareware version of the software that'll let you clean out some of your registry. TweakNow RegCleaner also does the same thing, but scans faster and detects other parts of your registry and lets you remove some of the stuff that the Registry Mechanic shareware didn't fix. http://www.tweaknow.com/RegCleaner.html Something to fill my sig with until I find a replacement.Also check out my blug Link to comment Share on other sites More sharing options...
blade995 Posted July 26, 2006 Share Posted July 26, 2006 Way to go with the 6th post in a row. Theres something called the edit button. :wink: Link to comment Share on other sites More sharing options...
crazyman Posted July 26, 2006 Author Share Posted July 26, 2006 edit buttom where do i find it :lol: messin i do that next time Entry Kind (Safe, Nasty, Unknown) Description Tip Logfile of HijackThis v1.99.1 Safe. Shows the version of HijackThis an. The newest version is: v1.99.1! This should be the newest version. (v1.99.1) Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180! This should be the newest version. (6.00.2900.2180) C:\WINDOWS\System32\smss.e3e (CAUTION - executable file) Unknown running process. (smss.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\winlogon.e3e (CAUTION - executable file) Unknown running process. (winlogon.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\services.e3e (CAUTION - executable file) Unknown running process. (services.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\lsass.e3e (CAUTION - executable file) Unknown running process. (lsass.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\svchost.e3e (CAUTION - executable file) Unknown running process. (svchost.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\System32\svchost.e3e (CAUTION - executable file) Unknown running process. (svchost.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\spoolsv.e3e (CAUTION - executable file) Unknown running process. (spoolsv.e3e(CAUTION-executablefile)) This is a unknown process. C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.e3e (CAUTION - executable file) Unknown running process. (avgamsvr.e3e(CAUTION-executablefile)) This is a unknown process. C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.e3e (CAUTION - executable file) Unknown running process. (avgupsvc.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\svchost.e3e (CAUTION - executable file) Unknown running process. (svchost.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\Explorer.e3e (CAUTION - executable file) Unknown running process. (Explorer.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Analog Devices\Core\smax4pnp.e3e (CAUTION - executable file) Unknown running process. (smax4pnp.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Java\jre1.5.0_06\bin\jusched.e3e (CAUTION - executable file) Unknown running process. (jusched.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Intel\Modem Event Monitor\IntelMEM.e3e (CAUTION - executable file) Unknown running process. (IntelMEM.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\CyberLink\PowerDVD\DVDLauncher.e3e (CAUTION - executable file) Unknown running process. (DVDLauncher.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\dla\tfswctrl.e3e (CAUTION - executable file) Unknown running process. (tfswctrl.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Common Files\InstallShield\UpdateService\issch.e3e (CAUTION - executable file) Unknown running process. (issch.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.e3e (CAUTION - executable file) Unknown running process. (dlbtbmgr.e3e(CAUTION-executablefile)) This is a unknown process. C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.e3e (CAUTION - executable file) Unknown running process. (avgcc.e3e(CAUTION-executablefile)) This is a unknown process. C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e3e (CAUTION - executable file) Unknown running process. (avgemc.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.e3e (CAUTION - executable file) Unknown running process. (dlbtbmon.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\hkcmd.e3e (CAUTION - executable file) Unknown running process. (hkcmd.e3e(CAUTION-executablefile)) This is a unknown process. C:\WINDOWS\system32\igfxpers.e3e (CAUTION - executable file) Unknown running process. (igfxpers.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Dell Support\DSAgnt.e3e (CAUTION - executable file) Unknown running process. (DSAgnt.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\WinZip\WZQKPICK.e3e (CAUTION - executable file) Unknown running process. (WZQKPICK.e3e(CAUTION-executablefile)) This is a unknown process. C:\Program Files\Internet Explorer\iexplore.e3e (CAUTION - executable file) Unknown running process. (iexplore.e3e(CAUTION-executablefile)) This is a unknown process. C:\Documents and Settings\Kevin\Desktop\spybotsd14.e3e (CAUTION - executable file) Unknown running process. (spybotsd14.e3e(CAUTION-executablefile)) This is a unknown process. C:\Documents and Settings\Kevin\Desktop\HijackThis.e3e (CAUTION - executable file) Unknown running process. (HijackThis.e3e(CAUTION-executablefile)) This is a unknown process. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ Safe. This page has been identified as safe. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/ Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ Safe. This page has been identified as safe. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ Safe. This page has been identified as safe. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 100,00% O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll Safe. Entries found in this registry zone are potentially nasty. This application ([5CA3D70E-1895-11CF-8E15-001234567890] - Result: 5CA3D70E-1895-11CF-8E15-001234567890) has been checked. Hit rate: 100,00% O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll Safe. Entries found in this registry zone are potentially nasty. This application ([AA58ED58-01DD-4d91-8333-CF10577473F7] - Result: AA58ED58-01DD-4d91-8333-CF10577473F7) has been checked. Hit rate: 100,00% O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll Safe. Entries found in this registry zone are potentially nasty. This application ([2318C2B1-4965-11d4-9B18-009027A5CD4F] - Result: 2318C2B1-4965-11D4-9B18-009027A5CD4F) has been checked. Hit rate: 97,22% O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.e3e (CAUTION - executable file)" Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.e3e (CAUTION - executable file) -startup Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.e3e (CAUTION - executable file)" -start Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.e3e (CAUTION - executable file)" Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.e3e (CAUTION - executable file) /STARTUP Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.e3e (CAUTION - executable file)" Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.e3e (CAUTION - executable file)" /startup Unknown Hit rate: 0,00 % (result) Unknown application. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file)" /background Unknown Hit rate: 0,00 % (result) Unknown application. O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.e3e (CAUTION - executable file) Unknown Hit rate: 0,00 % (result) Unknown application. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll Safe. The entry has been identified as safe. If the entry '' is not needed anymore, it should be fixed. O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file) Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file) Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed. O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll Safe. Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugins can be found here. OnFlow-Plugins have the following extension *.ofb. O17 - HKLM\System\CCS\Services\Tcpip\..\{CCA1D1C4-962E-415D-87EA-107331F83F1D}: NameServer = 213.94.190.235 213.94.190.195 Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '213.94.190.235 213.94.190.195'? If not, fix this entry. O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.e3e (CAUTION - executable file) Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (avgamsvr.e3e (CAUTION - executable file)) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.e3e (CAUTION - executable file) Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (avgupsvc.e3e (CAUTION - executable file)) O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.e3e (CAUTION - executable file) Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (dlbtcoms.e3e (CAUTION - executable file)) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.e3e (CAUTION - executable file) Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (IDriverT.e3e (CAUTION - executable file)) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.e3e (CAUTION - executable file) Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (NetSvc.e3e (CAUTION - executable file)) This log has been checked automatically. Check your log file automatically at http://www.hijackthis.de. Link to comment Share on other sites More sharing options...
Sinkhan Posted July 27, 2006 Share Posted July 27, 2006 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.e3e (CAUTION - executable file) Unknown running process. (avgamsvr.e3e(CAUTION-executablefile)) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.e3e (CAUTION - executable file) Unknown running process. (avgupsvc.e3e(CAUTION-executablefile)) C:\Program Files\Java\jre1.5.0_06\bin\jusched.e3e (CAUTION - executable file) Unknown running process. (jusched.e3e(CAUTION-executablefile)) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.e3e (CAUTION - executable file) Unknown running process. (avgcc.e3e(CAUTION-executablefile)) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.e3e (CAUTION - executable file) Unknown running process. (avgemc.e3e(CAUTION-executablefile)) C:\Documents and Settings\Kevin\Desktop\spybotsd14.e3e (CAUTION - executable file) Unknown running process. (spybotsd14.e3e(CAUTION-executablefile)) C:\Documents and Settings\Kevin\Desktop\HijackThis.e3e (CAUTION - executable file) Unknown running process. (HijackThis.e3e(CAUTION-executablefile)) If you paid 3 seconds of your attention to the log, then you'd realize that these "unknown processes" are actually safe programs that pose no threat to your system. A few of those above entries are from AVG, HijackThis!, Spybot, and Java Runtime Environment (the thing you need to play RS) Something to fill my sig with until I find a replacement.Also check out my blug Link to comment Share on other sites More sharing options...
crazyman Posted July 27, 2006 Author Share Posted July 27, 2006 ................. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now