
Thread: Please check my hijackthis log

  1. #1

    I am having problems with viruses and spyware. I have followed your instructions on the "Read me first before posting for help", and here is my HijackThis log and my ewido log report.
    P.S. Once my computer boots into the Windows XP desktop, it seems to be loading a huge program in the background because it stops responding for a while (5 mins or so). Also, I had problems attaching the HijackThis log and the ewido report, so I pasted them into the thread.
    Thank you for your help and consideration.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:41 PM, on 8/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...oo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...oo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.2...maha-en_US.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.2...aces-en_US.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.5...-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.7.0.3...mmon-en_US.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.4.2.2...-ob-assets.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.7.0.4...cade-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.3...ling-en_US.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.7.2.2...asta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.3...-ob-assets.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.3.3.2...-ob-assets.cab
    O16 - DPF: DigiChat Applet - http://fanclubchat.musictoday.com/Di.../Client_IE.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.2.3...mino-en_US.cab
    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.3...-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.2...chre-en_US.cab
    O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.3.3...ngoe-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.3...ingo-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.4...-ob-assets.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.2.2...-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.2...arts-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.6.5.2...oker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.2.5.2...-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.3.4.6...-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.2.21/...-ob-assets.cab
    O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.1.4...-ob-assets.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.3...oker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.3...ttso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.3...jong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.4.2...lots-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.1.2...cell-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.3...uins-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.2...heel-en_US.cab
    O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.3...nger-en_US.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.7.2.3...chle-en_US.cab
    O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.2.2...gold-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.2...opfu-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.3...oppa-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.2...reak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.4.3...ares-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.4...ride-en_US.cab
    O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.3...puck-en_US.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.2...ider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.2...hies-en_US.cab
    O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.2...stax-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.2.3...eper-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.2...ldem-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.3...eaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.4...mbee-en_US.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.2...bo21-en_US.cab
    O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.2.2...bo22-en_US.cab
    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.3.4.6...-ob-assets.cab
    O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.2...ries-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.7.2.3...omp2-en_US.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.7.2.2...down-en_US.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.6.5.3...jong-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.3...lass-en_US.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et2_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0537a08c...p/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/po...h.1.0.0.80.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playweb01.pogo.com/game/delux...ploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:45:02 PM 8/27/2006

    + Scan result:



    C:\WINDOWS\system32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PgTools -> Adware.Delfin : Cleaned with backup (quarantined).
    C:\Program Files\MediaLoads\v1\ML.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Mx0n11n3.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll -> Adware.Gator : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1015.dll -> Adware.Gator : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1015.dll -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll -> Adware.Yahoo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\in9bAs.dll -> Dropper.Agent.of : Cleaned with backup (quarantined).
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Ignored.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.7:C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@com[1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.10:C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfk4sjazcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfk4smd5ogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfk4wkcjwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfkiqnajkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfl4ohdpsfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wfl4oodpwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wflioocpogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wflycoc5efp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wflyomcpclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgkiaod5sbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgkocoazofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgkoukdpakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgl4cld5kco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgl4qmazwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgliciazchp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wglikgdzwgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgliomczkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgloqkd5akp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgmisodjodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgmyeldpglo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wgmyogazklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6whk4glc5mfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6whkiepajohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6whkigpczsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6whlogjdjaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6whlysmc5ihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjk4gicpgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjk4qndjifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjkochdpakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjkygoazmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjkyogcpcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjkyqidjgcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjkysgdzeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjl4endzaeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjl4uhajifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjliwhcjeap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjloolcpefo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjlowjcpgcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjmiclcjofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjmiwhdzmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjmyaic5ekp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjmyogc5afp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjnyeiajogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjnyuiajacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@e-2dj6wjnyukdzedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wfk4gjdzchp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wfmywmcpseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjkycodzokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjkyogcpcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjkyqocjalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjlicndjmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjloandzwcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjny-1idzab.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjnyelazwhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@e-2dj6wjnyokcjsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.11:C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.13:C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.14:C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Lance Richards\Application Data\Earthlink\6.0\laner8rn@earthlink.net\Cookies\lance richards@ads.trafficvenue[1].txt -> TrackingCookie.Trafficvenue : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Documents and Settings\Lance Richards\Local Settings\Temp\Cookies\lance richards@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Lance Richards\Cookies\lance richards@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    First of all go to Add/Remove and uninstall the following programs if present;
    Conflict2
    DIGStream
    Follow prompts to remove them.
    Then open My Computer. Double Click "C" drive.
    Go first to Windows\Program Files and double click.
    Look for DigStream and delete.
    Next go to Downloaded Program Files and look for Conflict2 and delete.
    Reboot.

    There are a huge number of O16 entries in your log. While all of them are not necessarily bad files these ARE downloaded program files. Do you play ALL of these games often? I would recommend that you remove those 69 downloaded games you do not play. You can download them again if you feel you wish to play them. It is just that this is the most I have ever seen in one HJT log.

    Run HiJackThis again and place checkmarks next to the following entries;
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    And also any of those O16 entries that you can.
    Once you have placed the checkmarks then click the FIX button.
    Exit HJT.

    Now boot to SAFE MODE
    Again run your AVG, Ewido (save the log), AdAwareSE and Spybot. Have each program fix everything found.
    Reboot to normal mode and run a new HJT scan and post that new log and also the new Ewido logs here.
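
    The two things post #2 looks for in the log, entries marked "(file missing)" and the volume of O16 (Downloaded Program Files) entries, can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical, the sample lines are excerpted from the logs posted in this thread, and the domain grouping is a naive last-two-labels heuristic.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread. URLs that the forum
# truncated with "..." are kept exactly as they appear on the page.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.2...maha-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.2.21/...-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# A log entry starts with a section code such as R0, N2, O4 or O23,
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return (section, body) tuples for every section-coded line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def missing_targets(entries):
    """Entries whose target HijackThis reported as '(file missing)'.

    These are leftover registry references with no file behind them.
    """
    return [e for e in entries if e[1].rstrip().endswith("(file missing)")]


def dpf_domains(entries):
    """Count O16 (Downloaded Program Files) entries per source domain.

    The source URL is the text after the last ' - '. Grouping keeps only
    the last two host labels, which is a naive heuristic, not a
    public-suffix lookup.
    """
    counts = Counter()
    for section, body in entries:
        if section != "O16" or not body.startswith("DPF:"):
            continue
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or "(unparsed)"
        counts[".".join(host.split(".")[-2:])] += 1
    return counts


def triage(text):
    """Summarise a log: entries per section, orphans, DPF sources."""
    entries = parse_entries(text)
    return {
        "section_counts": Counter(section for section, _ in entries),
        "missing": missing_targets(entries),
        "dpf_domains": dpf_domains(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries per section:", dict(report["section_counts"]))
    print("DPF entries per source domain:", dict(report["dpf_domains"]))
    for section, body in report["missing"]:
        print("Orphaned:", section, "-", body)
```

    The summary only narrows down what to look at; deciding whether an entry should be fixed still needs the kind of review given in this thread.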

  3. #3
    Join Date
    Aug 2006
    Posts
    5

    question about 016 listings

    Hi JHolland1964,
    Thanks for the help with my Hijackthis log. I do have a question about the 016 listings though. The games are from a website called pogo.com and are supposed to be adware free and safe for your computer. These are games my wife and kids play online so it is a little difficult to get rid of them. Do you think these games could cause problems with other software and have hidden spyware or viruses in them?

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote, originally posted by Iloo:
    Hi JHolland1964,
    Thanks for the help with my Hijackthis log. I do have a question about the 016 listings though. The games are from a website called pogo.com and are supposed to be adware free and safe for your computer. These are games my wife and kids play online so it is a little difficult to get rid of them. Do you think these games could cause problems with other software and have hidden spyware or viruses in them?
    No, I just noticed there were so many. If these are used all the time then leave them for now. Many times people will try out many of these games and never use them again. If they aren't used, remove them, but otherwise they are fine.

  5. #5
    Join Date
    Aug 2006
    Posts
    5
    I have rerun AVG, Spybot, Ad-Aware, Windows Defender, and ewido, and here are my HijackThis log and ewido report. Thanks again for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:31:54 PM, on 8/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...oo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lance Richards\Application Data\Mozilla\Profiles\default\81g0pdce.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.2...maha-en_US.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.2...aces-en_US.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.5...-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.7.0.3...mmon-en_US.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.4.2.2...-ob-assets.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.7.0.4...cade-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.3...ling-en_US.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.7.2.2...asta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.3...-ob-assets.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.3.3.2...-ob-assets.cab
    O16 - DPF: DigiChat Applet - http://fanclubchat.musictoday.com/Di.../Client_IE.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.2.3...mino-en_US.cab
    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.3...-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.5.2.2...chre-en_US.cab
    O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.3.3...ngoe-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.3...ingo-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.4...-ob-assets.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.2.2...-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.2...arts-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.6.5.2...oker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.2.5.2...-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.3.4.6...-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.2.21/...-ob-assets.cab
    O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.1.4...-ob-assets.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.5.3...oker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.0.3...ttso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.3...jong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.4.2...lots-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.1.2...cell-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.3...uins-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.2...heel-en_US.cab
    O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.3...nger-en_US.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.7.2.3...chle-en_US.cab
    O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.7.2.2...gold-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.2...opfu-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.3...oppa-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.6.4.2...reak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.4.3...ares-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.4...ride-en_US.cab
    O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.3...puck-en_US.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.3...-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.2.2...ider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.2...hies-en_US.cab
    O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.2...stax-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.2.3...eper-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.0.4...-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.2...ldem-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.0.3...eaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.4...mbee-en_US.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.4.2...bo21-en_US.cab
    O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.2.2...bo22-en_US.cab
    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.3.4.6...-ob-assets.cab
    O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.2...ries-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.7.2.3...omp2-en_US.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.7.2.2...down-en_US.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.6.5.3...jong-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.3...lass-en_US.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et2_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0537a08c...p/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/po...h.1.0.0.80.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playweb01.pogo.com/game/delux...ploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:25:03 PM 8/29/2006

    + Scan result:



    C:\RECYCLER\S-1-5-21-3973020173-2210005112-502944281-1006\Dc24\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned.


    ::Report end

  6. #6
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Will read your logs ASAP Iloo!
