darkerblue

My Hijack Log

17 posts in this topic

Would someone mind looking over this hjt log for me? I've tried to do some fixes, including AdAware, SpyBot S&D, TrojanHunter, CWShredder, Peper finder, VX2Finder. Nothing really seems to work. I'm getting Azoogleads and others like http://adv1.eblocs.com/spyblocs/adv/dmedi_002.html

 

If someone could offer me more advice, that would be great. THANKS! :)

 

 

 

Logfile of HijackThis v1.98.0

Scan saved at 5:57:06 PM, on 7/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\webshots.scr

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Avant Browser\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Bradley\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/68528

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll


My adaware log:

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Saturday, July 24, 2004 6:13:03 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R333 18.07.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

 

7-24-2004 6:13:03 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 7-24-2004 10:41:05 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 7-24-2004 10:41:10 PM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-24-2004 10:41:11 PM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-24-2004 10:41:11 PM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-24-2004 10:41:11 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:23:57 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-24-2004 10:41:11 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:23:57 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-24-2004 10:41:14 PM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:8 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-24-2004 10:41:14 PM

BasePriority : Normal

FileSize : 309 KB

FileVersion : 1.03.4

ProductVersion : 1.03.4

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Event Manager

Created on : 10/31/2003 3:57:53 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 7/17/2003 5:16:38 PM

 

#:9 [bjmcmng.exe]

FilePath : C:\Program Files\Canon\BJCard\

ThreadCreationTime : 7-24-2004 10:41:15 PM

BasePriority : Normal

FileSize : 48 KB

FileVersion : 1.30

ProductVersion : 1.30

Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.

CompanyName : CANON INC.

FileDescription : Memory Card Manager

InternalName : Bjmcmng

OriginalFilename : Bjmcmng.exe

ProductName : Memory Card Utility

Created on : 10/15/2003 10:17:18 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 10/21/2002 3:36:50 PM

 

#:10 [navapsvc.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\

ThreadCreationTime : 7-24-2004 10:41:15 PM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 9.05.1015

ProductVersion : 9.05.1015

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 10/31/2003 3:57:39 PM

Last accessed : 7/24/2004 10:39:38 PM

Last modified : 11/15/2002 1:41:26 AM

 

#:11 [nprotect.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\

ThreadCreationTime : 7-24-2004 10:41:15 PM

BasePriority : Normal

FileSize : 132 KB

FileVersion : 16.00.0.22

ProductVersion : 16.00.0.22

Copyright : Copyright © 2003 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Norton Protection Status

InternalName : NPROTECT

OriginalFilename : NPROTECT.EXE

ProductName : Norton Utilities

Created on : 10/31/2003 3:49:13 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 8/14/2002 12:03:00 PM

 

#:12 [nopdb.exe]

FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\

ThreadCreationTime : 7-24-2004 10:41:15 PM

BasePriority : Normal

FileSize : 168 KB

FileVersion : 7.00.0.24

ProductVersion : 7.00.0.24

Copyright : Copyright © 2002

CompanyName : Symantec Corporation

FileDescription : NOPDB

InternalName : NOPDB

OriginalFilename : NOPDB.dll

ProductName : Norton Speed Disk

Created on : 10/31/2003 3:50:22 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 8/14/2002 12:00:00 PM

 

#:13 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-24-2004 10:41:15 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 10:23:57 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:14 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-24-2004 10:41:17 PM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/24/2004 11:08:49 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:15 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-24-2004 10:41:22 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 3.0.0.2285

ProductVersion : 7.0.0.2285

Copyright : Copyright 1999-2003, Intel Corporation

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

OriginalFilename : HKCMD.EXE

ProductName : Intel® Common User Interface

Created on : 10/2/2003 7:19:44 PM

Last accessed : 7/24/2004 10:41:22 PM

Last modified : 10/2/2003 7:19:44 PM

 

#:16 [dsentry.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-24-2004 10:41:23 PM

BasePriority : Normal

FileSize : 28 KB

FileVersion : 1, 0, 2, 0

ProductVersion : 1, 0, 2, 0

Copyright : Copyright

CompanyName : Dell - Advanced Desktop Engineering

FileDescription : DVDSentry

InternalName : DVDSentry

OriginalFilename : DSentry.exe

ProductName : Dell - DVDSentry

Created on : 8/14/2002 11:22:52 PM

Last accessed : 7/24/2004 10:41:22 PM

Last modified : 8/14/2002 11:22:52 PM

 

#:17 [tvmon.exe]

FilePath : C:\Program Files\Canon\BJPV\

ThreadCreationTime : 7-24-2004 10:41:23 PM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 1.00

ProductVersion : 1.00

Copyright : Copyright CANON INC. 2002 All Rights Reserved.

CompanyName : Canon Inc.

FileDescription : Canon Photo Viewer

InternalName : TVMon

OriginalFilename : TVMon.exe

ProductName : Canon Photo Viewer

Created on : 10/15/2003 10:16:44 PM

Last accessed : 7/24/2004 10:41:23 PM

Last modified : 1/21/2003 9:35:56 PM

 

#:18 [bjlaunch.exe]

FilePath : C:\Program Files\Canon\BJCard\

ThreadCreationTime : 7-24-2004 10:41:23 PM

BasePriority : Normal

FileSize : 700 KB

FileVersion : 1.30

ProductVersion : 1.30

Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.

CompanyName : CANON INC.

FileDescription : Memory Card Utility

InternalName : BJLaunch

OriginalFilename : BJLaunch.EXE

ProductName : Memory Card Utility

Created on : 10/15/2003 10:17:18 PM

Last accessed : 7/24/2004 10:41:23 PM

Last modified : 12/20/2002 7:26:04 PM

 

#:19 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-24-2004 10:41:24 PM

BasePriority : Normal

FileSize : 53 KB

FileVersion : 1.0.10.006

ProductVersion : 1.0.10.006

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client CC App

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 1/23/2004 4:02:33 PM

Last accessed : 7/24/2004 10:41:23 PM

Last modified : 12/2/2003 10:11:04 PM

 

#:20 [drgtodsc.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\

ThreadCreationTime : 7-24-2004 10:41:25 PM

BasePriority : Normal

FileSize : 740 KB

FileVersion : 6.0.0.171

ProductVersion : 6.0.0.171

Copyright : Copyright © 1999-2003 Roxio, Inc.

CompanyName : Roxio

FileDescription : Drag To Disc Application

InternalName : D2D

OriginalFilename : BurnCtrl.EXE

ProductName : Drag-to-Disc

Created on : 1/13/2003 4:19:26 PM

Last accessed : 7/24/2004 10:41:25 PM

Last modified : 1/13/2003 4:19:26 PM

 

#:21 [rxmon.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

ThreadCreationTime : 7-24-2004 10:41:25 PM

BasePriority : Normal

FileSize : 248 KB

FileVersion : 1.0.100

ProductVersion : 1.0.100

Copyright : Copyright

CompanyName : Roxio, Inc.

FileDescription : Roxio AudioCentral Media Manager Tray App

InternalName : Roxio AudioCentral Media Manager Tray App

OriginalFilename : RxMon.exe

ProductName : AudioCentral Media Manager

Created on : 1/9/2003 3:21:26 PM

Last accessed : 7/24/2004 10:41:25 PM

Last modified : 1/9/2003 3:21:26 PM

 

#:22 [mm_tray.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 7-24-2004 10:41:26 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 8.20.0107

ProductVersion : 8.20.0107

Copyright : Copyright

CompanyName : MUSICMATCH, Inc.

FileDescription : mm_tray

InternalName : mm_tray

OriginalFilename : mm_tray.exe

ProductName : MUSICMATCH JUKEBOX

Created on : 3/15/2004 5:34:03 PM

Last accessed : 7/24/2004 10:41:25 PM

Last modified : 1/26/2004 4:46:48 PM

 

#:23 [mmtask.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 7-24-2004 10:41:26 PM

BasePriority : Normal

FileSize : 52 KB

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

Copyright : TODO: © <Company name>. All rights reserved.

CompanyName : TODO: <Company name>

FileDescription : TODO: <File description>

InternalName : mmtask.exe

OriginalFilename : mmtask.exe

ProductName : TODO: <Product name>

Created on : 3/15/2004 5:34:04 PM

Last accessed : 7/24/2004 10:41:26 PM

Last modified : 1/26/2004 4:46:48 PM

 

#:24 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ThreadCreationTime : 7-24-2004 10:41:27 PM

BasePriority : Normal

FileSize : 280 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

OriginalFilename : iTunesHelper.exe

ProductName : iTunes

Created on : 6/4/2004 5:38:12 PM

Last accessed : 7/24/2004 10:41:26 PM

Last modified : 6/4/2004 5:38:12 PM

 

#:25 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 7-24-2004 10:41:27 PM

BasePriority : Normal

FileSize : 176 KB

FileVersion : 0.1.0.3034

ProductVersion : 0.1.0.3034

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealPlayer (32-bit)

Created on : 7/30/2003 7:17:26 AM

Last accessed : 7/24/2004 10:41:27 PM

Last modified : 7/10/2004 8:25:29 PM

 

#:26 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ThreadCreationTime : 7-24-2004 10:41:28 PM

BasePriority : Normal

FileSize : 392 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

OriginalFilename : iPodService.exe

ProductName : iTunes

Created on : 6/4/2004 5:37:56 PM

Last accessed : 7/24/2004 10:39:45 PM

Last modified : 6/4/2004 5:37:56 PM

 

#:27 [playlist.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

ThreadCreationTime : 7-24-2004 10:41:29 PM

BasePriority : Normal

FileSize : 112 KB

FileVersion : 1.0.98

ProductVersion : 1.0.98

Copyright : Copyright

CompanyName : Roxio, Inc.

FileDescription : Roxio AudioCentral Media Manager Playlist

InternalName : Roxio AudioCentral Media Manager Playlist

OriginalFilename : PlayList.exe

ProductName : AudioCentral Media Manager

Created on : 1/9/2003 4:20:20 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 1/9/2003 4:20:20 PM

 

#:28 [thguard.exe]

FilePath : C:\Program Files\TrojanHunter 3.9\

ThreadCreationTime : 7-24-2004 10:41:34 PM

BasePriority : Normal

FileSize : 1042 KB

FileVersion : 3.8.0.272

ProductVersion : 1.0.0.0

Copyright : Mischel Internet Security

CompanyName : Mischel Internet Security

FileDescription : TrojanHunter Guard

OriginalFilename : THGuard.exe

ProductName : TrojanHunter Guard

Created on : 2/25/2004 6:40:08 AM

Last accessed : 7/24/2004 10:41:38 PM

Last modified : 2/25/2004 6:40:08 AM

 

#:29 [cursorxp.exe]

FilePath : C:\Program Files\CursorXP\

ThreadCreationTime : 7-24-2004 10:41:35 PM

BasePriority : High

FileSize : 122 KB

FileVersion : 1, 3, 0, 0

ProductVersion : 1, 3, 0, 0

Copyright : Copyright

FileDescription : CursorXP

InternalName : CursorXP

OriginalFilename : CursorXP.exe

ProductName : Stardock CursorXP

Created on : 11/22/2003 4:43:31 PM

Last accessed : 7/24/2004 10:41:35 PM

Last modified : 3/1/2003 10:40:20 PM

 

#:30 [trueweather.exe]

FilePath : C:\Program Files\Common Files\10-11 Web Alert\

ThreadCreationTime : 7-24-2004 10:41:39 PM

BasePriority : Normal

FileSize : 1226 KB

FileVersion : 1, 0, 0, 277

ProductVersion : 1, 0, 0, 277

Copyright : TrueWeather Copyright © 2001-2004

CompanyName : Digital Information Network

OriginalFilename : TrueWeather.exe

ProductName : TrueWeather

Created on : 5/17/2004 4:55:42 PM

Last accessed : 7/24/2004 10:41:56 PM

Last modified : 6/29/2004 9:10:07 PM

 

#:31 [sgmain.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 7-24-2004 10:41:41 PM

BasePriority : Normal

FileSize : 352 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC

FileDescription : SpywareGuard

InternalName : sgmain

OriginalFilename : sgmain.exe

ProductName : SpywareGuard

Created on : 8/30/2003 12:05:35 AM

Last accessed : 7/24/2004 10:41:41 PM

Last modified : 8/30/2003 12:05:35 AM

 

#:32 [webshots.scr]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-24-2004 10:41:48 PM

BasePriority : Normal

FileSize : 1912 KB

FileVersion : 2.0.0.4324

ProductVersion : 2.0.0.4324

Copyright : Copyright © 2003

CompanyName : Webshots.com

FileDescription : Webshots Photo Manager

InternalName : Webshots2

OriginalFilename : Webshots2.EXE

ProductName : The Webshots Desktop

Created on : 11/22/2003 5:03:14 PM

Last accessed : 7/24/2004 10:41:05 PM

Last modified : 10/30/2003 7:51:20 PM

 

#:33 [sgbhp.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 7-24-2004 10:41:59 PM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC.

FileDescription : SG Browser Hijacking Protection

InternalName : sgbhp

OriginalFilename : sgbhp.exe

ProductName : SG Browser Hijacking Protection

Created on : 8/29/2003 4:14:56 PM

Last accessed : 7/24/2004 11:13:05 PM

Last modified : 8/29/2003 4:14:56 PM

 

#:34 [iexplore.exe]

FilePath : C:\Program Files\Avant Browser\

ThreadCreationTime : 7-24-2004 10:43:35 PM

BasePriority : Normal

FileSize : 675 KB

FileVersion : 9.0.2.33

ProductVersion : 9.0

CompanyName : Avant Browser

FileDescription : Avant Browser

ProductName : Avant Browser

Created on : 6/17/2004 7:21:38 AM

Last accessed : 7/24/2004 11:10:06 PM

Last modified : 6/17/2004 7:21:38 AM

 

#:35 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 7-24-2004 11:10:28 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 4/10/2004 4:39:08 PM

Last accessed : 7/24/2004 11:10:28 PM

Last modified : 7/13/2003 3:00:20 AM

 

#:36 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ThreadCreationTime : 7-24-2004 11:11:05 PM

BasePriority : Normal

FileSize : 1456 KB

FileVersion : 4.7.2009

ProductVersion : Version 4.7

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

OriginalFilename : msmsgs.exe

ProductName : Messenger

Created on : 4/15/2003 12:30:14 AM

Last accessed : 7/24/2004 11:09:02 PM

Last modified : 4/15/2003 12:30:14 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

VX2 Object recognized!

Type : File

Data : a0028302.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\

FileSize : 313 KB

Created on : 7/24/2004 7:00:36 PM

Last accessed : 7/24/2004 11:25:40 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : a0028303.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\

FileSize : 313 KB

Created on : 7/24/2004 6:03:16 PM

Last accessed : 7/24/2004 11:25:40 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : a0028314.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\

FileSize : 313 KB

Created on : 7/24/2004 7:54:18 PM

Last accessed : 7/24/2004 11:25:40 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : 6fo4svc.dll

Object : C:\WINDOWS\SYSTEM32\

FileSize : 313 KB

Created on : 7/24/2004 10:41:14 PM

Last accessed : 7/24/2004 10:41:14 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : aeaamon.dll

Object : C:\WINDOWS\SYSTEM32\

FileSize : 313 KB

Created on : 7/24/2004 9:41:01 PM

Last accessed : 7/24/2004 11:27:31 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : agsldp.dll

Object : C:\WINDOWS\SYSTEM32\

FileSize : 313 KB

Created on : 7/24/2004 8:27:44 PM

Last accessed : 7/24/2004 11:27:31 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : atlui.dll

Object : C:\WINDOWS\SYSTEM32\

FileSize : 313 KB

Created on : 7/24/2004 9:50:36 PM

Last accessed : 7/24/2004 11:27:32 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

VX2 Object recognized!

Type : File

Data : aylui.dll

Object : C:\WINDOWS\SYSTEM32\

FileSize : 313 KB

Created on : 7/24/2004 9:45:32 PM

Last accessed : 7/24/2004 11:27:33 PM

Last modified : 7/21/2004 2:33:49 PM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 9

 

 

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hosts file scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

13 entries scanned.

New objects :0

Objects found so far: 9

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 9

 

 

6:29:30 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:16:26:610

Objects scanned :174077

Objects identified :9

Objects ignored :0

New objects :9


Hi there,

 

 

Please do this:

 

Download LSPfix Here

 

Launch the application, and click the "I know what I'm doing" checkbox.

 

Check all instances of 'lspak.dll' (and nothing else), and move them to the "Remove" pane.

Then click Finish.

 

Next:

 

You are running HijackThis from your desktop. This is not a good idea, because when we do a fix HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar), like this: C:\HJT\HijackThis.exe. Then extract HijackThis into the folder you have created and run it from there. When you have done that, delete the copy of HijackThis that you have on your desktop.

 

Reboot, then post a fresh log.

Edited by 12g


Popups seem to be gone (for now), but just making sure everything is checking out okay. Moved HJ and ran lspfix, deleted lspak.dll. New log:

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:51:03 AM, on 7/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\webshots.scr

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/68528

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

 

 

 

thanks again. :wave:


Hi there,

 

Ok, apart from this optional fix, and are you happy being directed to Rackspace? If so, your log is clean now. If you want me to do something about Rackspace, let me know.

 

This is the optional fix;

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<<< These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

 

To provide future protection - I would advise you to download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

 

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see "So how did I get infected in the first place?"

Ok apart from this optional fix, and are you happy being directed to Rackspace?

Still getting popups. :( Deleted O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE. What do you mean by Rackspace?

 

 

Logfile of HijackThis v1.98.0

Scan saved at 1:10:06 PM, on 7/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\webshots.scr

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Avant Browser\iexplore.exe

C:\HJT\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/68528

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE


Hi there,

 

Don't worry about Rackspace, that was the hosts file you deleted.

 

Ok I would like you to fix this one, unless you know of it.

 

Make sure all browsers and windows are closed except for HijackThis, put a check against the following, and click 'Fix checked':

 

 

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

 

 

 

 

Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

 

Not all or any of these may still show,

 

 

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe<<<<Folder

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.


that trueweather is actually a little weather alert thing i downloaded through the local weather station. i'm almost 100% positive it has no adware or anything. well, no more than weatherbug anyways. :rofl:

 

but i'm still getting ads like

http://ads1.revenue.net/r?site_id=12323&pp...id=1&r_num=4459

 

the ads are for spyware blocking software and stuff. kind of ironic.

 

i use avant browser. is that recommended??

 

 

Logfile of HijackThis v1.98.0

Scan saved at 2:09:35 PM, on 7/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\webshots.scr

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/68528

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE


Hi there,

 

Yes, Avant is ok to use. Are you pasting the full log for me? You haven't let it ignore anything, have you? I would also suggest that we fix that TrueWeather program, but then restore it. I will show you how to do that after you answer me about the log.
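The question about whether the full log was pasted can be checked mechanically by comparing two successive scans. The sketch below is an added example, not part of any post in this thread: it assumes the `code - text` entry layout visible in the posted logs, the sample scans are abridged from the 7/25/2004 logs above, and the function names are illustrative.

```python
import re

# An entry line is a section code as seen in the posted logs (R0, O1, O4,
# O8, ...), then " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt_log(text):
    """Split a pasted HijackThis log into running processes and entries."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        # Forum pastes carry blank and non-breaking-space lines; skip them.
        line = raw.replace("\xa0", " ").strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group("code"), match.group("body")))
        elif in_processes:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def compare_scans(before, after, requested_fixes=()):
    """Report what changed between two scans, given the fixes asked for."""
    old, new = parse_hjt_log(before), parse_hjt_log(after)
    requested = parse_hjt_log("\n".join(requested_fixes))["entries"]
    gone = old["entries"] - new["entries"]
    return {
        "fixed_as_requested": sorted(gone & requested),
        # Entries that vanished although nobody asked for them to be fixed:
        # an ignore list, a partial paste, or a change made outside HJT.
        "gone_without_request": sorted(gone - requested),
        "requested_but_still_present": sorted(requested & new["entries"]),
        "new_entries": sorted(new["entries"] - old["entries"]),
        "processes_gone": sorted(old["processes"] - new["processes"]),
        "processes_new": sorted(new["processes"] - old["processes"]),
    }


# Abridged from the scan saved at 1:10:06 PM in this thread.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.98.0
Scan saved at 1:10:06 PM, on 7/25/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# Abridged from the scan saved at 2:09:35 PM in this thread.
SCAN_AFTER = r"""
Logfile of HijackThis v1.98.0
Scan saved at 2:09:35 PM, on 7/25/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# The single entry the helper asked to have fixed between the two scans.
REQUESTED = [
    r"O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe",
]

if __name__ == "__main__":
    for key, values in compare_scans(SCAN_BEFORE, SCAN_AFTER, REQUESTED).items():
        print(key)
        for value in values:
            print("   ", value)
```
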


Hi there,

 

From the last post leave trueweather at the moment, try this first;

 

 

Download this: http://www.downloads.subratam.org/VX2Finder.exe and run it

 

1-Click "Click To find Find VX2.Abetterinternet"

 

2-Delete all files found

You will get a message about "cannot delete this one" matching the same name in the Guardian Key.

 

3-Click "Open regedit" will take you right to the Guardian Key (no need to search for it)

 

4-Highlight "Guardian", right-click and choose Security/permissions, you'll get another window with 'advanced'...

DE-select (uncheck) the lower box with "inheritable permissions"

Hit 'ok' and 'remove' on the following security prompts.

 

Restart computer.

 

5-On restart use VX2Finder again, select + delete the last file, click "User Agent$" will remove that entry from the registry.

 

6-Click "Open regedit" again, this time restoring the checkmark in "inheritable permissions"

 

7-Click "Guardian.reg" in VX2Finder Deletes the Guardian Key.

 

8-Use Find again should produce a clean log of blank values.

 

9-Click "Restore Policy" to restore the Debug policy altered in the Look2Me installation (requires reboot to apply).

 

But do this first,

 

Sometimes, when a PC is infected a copy of the file is backed up in your System Restore (XP and ME). By default, Windows prevents System Restore from being modified by outside programs, which includes your AntiVirus program.

 

One of the best features of Windows XP is the System Restore option, however if a virus infects a computer with this operating system the virus can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

Disabling System Restore does not delete or remove any of your personal data from your computer. The only files removed are those that System Restore created in the _RESTORE folder, the restore points.

 

(winXP)

 

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

 

Reboot.

 

Run Adaware again, then post the log here.

 

System restore can be turned back on after your Adaware log has been checked.


Turned off Restore, ran VX2, deleted files and ran other options as asked, ran adaware, found 1 regkey. Here's the adaware and HJT logs. Hopefully this works. THANKS SO MUCH FOR ALL THE HELP! :D

 

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Monday, July 26, 2004 10:37:35 AM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R334 24.07.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

 

7-26-2004 10:37:35 AM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 7-26-2004 3:36:21 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 7-26-2004 3:36:27 PM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-26-2004 3:36:27 PM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-26-2004 3:36:27 PM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-26-2004 3:36:27 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-26-2004 3:36:28 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:7 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-26-2004 3:36:30 PM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:36:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:8 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-26-2004 3:36:30 PM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:9 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-26-2004 3:36:30 PM

BasePriority : Normal

FileSize : 309 KB

FileVersion : 1.03.4

ProductVersion : 1.03.4

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Event Manager

Created on : 10/31/2003 3:57:53 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 7/17/2003 5:16:38 PM

 

#:10 [bjmcmng.exe]

FilePath : C:\Program Files\Canon\BJCard\

ThreadCreationTime : 7-26-2004 3:36:31 PM

BasePriority : Normal

FileSize : 48 KB

FileVersion : 1.30

ProductVersion : 1.30

Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.

CompanyName : CANON INC.

FileDescription : Memory Card Manager

InternalName : Bjmcmng

OriginalFilename : Bjmcmng.exe

ProductName : Memory Card Utility

Created on : 10/15/2003 10:17:18 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 10/21/2002 3:36:50 PM

 

#:11 [navapsvc.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\

ThreadCreationTime : 7-26-2004 3:36:31 PM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 9.05.1015

ProductVersion : 9.05.1015

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 10/31/2003 3:57:39 PM

Last accessed : 7/26/2004 3:19:24 PM

Last modified : 11/15/2002 1:41:26 AM

 

#:12 [nprotect.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\

ThreadCreationTime : 7-26-2004 3:36:31 PM

BasePriority : Normal

FileSize : 132 KB

FileVersion : 16.00.0.22

ProductVersion : 16.00.0.22

Copyright : Copyright © 2003 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Norton Protection Status

InternalName : NPROTECT

OriginalFilename : NPROTECT.EXE

ProductName : Norton Utilities

Created on : 10/31/2003 3:49:13 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/14/2002 12:03:00 PM

 

#:13 [nopdb.exe]

FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\

ThreadCreationTime : 7-26-2004 3:36:31 PM

BasePriority : Normal

FileSize : 168 KB

FileVersion : 7.00.0.24

ProductVersion : 7.00.0.24

Copyright : Copyright © 2002

CompanyName : Symantec Corporation

FileDescription : NOPDB

InternalName : NOPDB

OriginalFilename : NOPDB.dll

ProductName : Norton Speed Disk

Created on : 10/31/2003 3:50:22 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/14/2002 12:00:00 PM

 

#:14 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-26-2004 3:36:31 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 10:00:00 AM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2002 10:00:00 AM

 

#:15 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-26-2004 3:36:34 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 3.0.0.2285

ProductVersion : 7.0.0.2285

Copyright : Copyright 1999-2003, Intel Corporation

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

OriginalFilename : HKCMD.EXE

ProductName : Intel® Common User Interface

Created on : 10/2/2003 7:19:44 PM

Last accessed : 7/26/2004 3:36:32 PM

Last modified : 10/2/2003 7:19:44 PM

 

#:16 [dsentry.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-26-2004 3:36:35 PM

BasePriority : Normal

FileSize : 28 KB

FileVersion : 1, 0, 2, 0

ProductVersion : 1, 0, 2, 0

Copyright : Copyright

CompanyName : Dell - Advanced Desktop Engineering

FileDescription : DVDSentry

InternalName : DVDSentry

OriginalFilename : DSentry.exe

ProductName : Dell - DVDSentry

Created on : 8/14/2002 11:22:52 PM

Last accessed : 7/26/2004 3:36:35 PM

Last modified : 8/14/2002 11:22:52 PM

 

#:17 [tvmon.exe]

FilePath : C:\Program Files\Canon\BJPV\

ThreadCreationTime : 7-26-2004 3:36:35 PM

BasePriority : Normal

FileSize : 44 KB

FileVersion : 1.00

ProductVersion : 1.00

Copyright : Copyright CANON INC. 2002 All Rights Reserved.

CompanyName : Canon Inc.

FileDescription : Canon Photo Viewer

InternalName : TVMon

OriginalFilename : TVMon.exe

ProductName : Canon Photo Viewer

Created on : 10/15/2003 10:16:44 PM

Last accessed : 7/26/2004 3:36:35 PM

Last modified : 1/21/2003 9:35:56 PM

 

#:18 [bjlaunch.exe]

FilePath : C:\Program Files\Canon\BJCard\

ThreadCreationTime : 7-26-2004 3:36:35 PM

BasePriority : Normal

FileSize : 700 KB

FileVersion : 1.30

ProductVersion : 1.30

Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.

CompanyName : CANON INC.

FileDescription : Memory Card Utility

InternalName : BJLaunch

OriginalFilename : BJLaunch.EXE

ProductName : Memory Card Utility

Created on : 10/15/2003 10:17:18 PM

Last accessed : 7/26/2004 3:36:35 PM

Last modified : 12/20/2002 7:26:04 PM

 

#:19 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 7-26-2004 3:36:36 PM

BasePriority : Normal

FileSize : 53 KB

FileVersion : 1.0.10.006

ProductVersion : 1.0.10.006

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client CC App

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 1/23/2004 4:02:33 PM

Last accessed : 7/26/2004 3:36:35 PM

Last modified : 12/2/2003 10:11:04 PM

 

#:20 [drgtodsc.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\

ThreadCreationTime : 7-26-2004 3:36:37 PM

BasePriority : Normal

FileSize : 740 KB

FileVersion : 6.0.0.171

ProductVersion : 6.0.0.171

Copyright : Copyright © 1999-2003 Roxio, Inc.

CompanyName : Roxio

FileDescription : Drag To Disc Application

InternalName : D2D

OriginalFilename : BurnCtrl.EXE

ProductName : Drag-to-Disc

Created on : 1/13/2003 4:19:26 PM

Last accessed : 7/26/2004 3:36:37 PM

Last modified : 1/13/2003 4:19:26 PM

 

#:21 [rxmon.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

ThreadCreationTime : 7-26-2004 3:36:38 PM

BasePriority : Normal

FileSize : 248 KB

FileVersion : 1.0.100

ProductVersion : 1.0.100

Copyright : Copyright

CompanyName : Roxio, Inc.

FileDescription : Roxio AudioCentral Media Manager Tray App

InternalName : Roxio AudioCentral Media Manager Tray App

OriginalFilename : RxMon.exe

ProductName : AudioCentral Media Manager

Created on : 1/9/2003 3:21:26 PM

Last accessed : 7/26/2004 3:36:37 PM

Last modified : 1/9/2003 3:21:26 PM

 

#:22 [mm_tray.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 7-26-2004 3:36:38 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 8.20.0107

ProductVersion : 8.20.0107

Copyright : Copyright

CompanyName : MUSICMATCH, Inc.

FileDescription : mm_tray

InternalName : mm_tray

OriginalFilename : mm_tray.exe

ProductName : MUSICMATCH JUKEBOX

Created on : 3/15/2004 5:34:03 PM

Last accessed : 7/26/2004 3:36:38 PM

Last modified : 1/26/2004 4:46:48 PM

 

#:23 [mmtask.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 7-26-2004 3:36:39 PM

BasePriority : Normal

FileSize : 52 KB

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

Copyright : TODO: © <Company name>. All rights reserved.

CompanyName : TODO: <Company name>

FileDescription : TODO: <File description>

InternalName : mmtask.exe

OriginalFilename : mmtask.exe

ProductName : TODO: <Product name>

Created on : 3/15/2004 5:34:04 PM

Last accessed : 7/26/2004 3:36:38 PM

Last modified : 1/26/2004 4:46:48 PM

 

#:24 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ThreadCreationTime : 7-26-2004 3:36:40 PM

BasePriority : Normal

FileSize : 280 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

OriginalFilename : iTunesHelper.exe

ProductName : iTunes

Created on : 6/4/2004 5:38:12 PM

Last accessed : 7/26/2004 3:36:39 PM

Last modified : 6/4/2004 5:38:12 PM

 

#:25 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 7-26-2004 3:36:40 PM

BasePriority : Normal

FileSize : 176 KB

FileVersion : 0.1.0.3034

ProductVersion : 0.1.0.3034

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealPlayer (32-bit)

Created on : 7/30/2003 7:17:26 AM

Last accessed : 7/26/2004 3:36:40 PM

Last modified : 7/10/2004 8:25:29 PM

 

#:26 [cursorxp.exe]

FilePath : C:\Program Files\CursorXP\

ThreadCreationTime : 7-26-2004 3:36:40 PM

BasePriority : High

FileSize : 122 KB

FileVersion : 1, 3, 0, 0

ProductVersion : 1, 3, 0, 0

Copyright : Copyright

FileDescription : CursorXP

InternalName : CursorXP

OriginalFilename : CursorXP.exe

ProductName : Stardock CursorXP

Created on : 11/22/2003 4:43:31 PM

Last accessed : 7/26/2004 3:36:40 PM

Last modified : 3/1/2003 10:40:20 PM

 

#:27 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ThreadCreationTime : 7-26-2004 3:36:42 PM

BasePriority : Normal

FileSize : 1456 KB

FileVersion : 4.7.2009

ProductVersion : Version 4.7

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

OriginalFilename : msmsgs.exe

ProductName : Messenger

Created on : 4/15/2003 12:30:14 AM

Last accessed : 7/26/2004 3:15:52 PM

Last modified : 4/15/2003 12:30:14 AM

 

#:28 [playlist.exe]

FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

ThreadCreationTime : 7-26-2004 3:36:42 PM

BasePriority : Normal

FileSize : 112 KB

FileVersion : 1.0.98

ProductVersion : 1.0.98

Copyright : Copyright

CompanyName : Roxio, Inc.

FileDescription : Roxio AudioCentral Media Manager Playlist

InternalName : Roxio AudioCentral Media Manager Playlist

OriginalFilename : PlayList.exe

ProductName : AudioCentral Media Manager

Created on : 1/9/2003 4:20:20 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 1/9/2003 4:20:20 PM

 

#:29 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ThreadCreationTime : 7-26-2004 3:36:42 PM

BasePriority : Normal

FileSize : 392 KB

FileVersion : 4.6.0.15

ProductVersion : 4.6.0.15

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

OriginalFilename : iPodService.exe

ProductName : iTunes

Created on : 6/4/2004 5:37:56 PM

Last accessed : 7/26/2004 3:19:28 PM

Last modified : 6/4/2004 5:37:56 PM

 

#:30 [trueweather.exe]

FilePath : C:\Program Files\Common Files\10-11 Web Alert\

ThreadCreationTime : 7-26-2004 3:36:44 PM

BasePriority : Normal

FileSize : 1226 KB

FileVersion : 1, 0, 0, 277

ProductVersion : 1, 0, 0, 277

Copyright : TrueWeather Copyright © 2001-2004

CompanyName : Digital Information Network

OriginalFilename : TrueWeather.exe

ProductName : TrueWeather

Created on : 5/17/2004 4:55:42 PM

Last accessed : 7/26/2004 3:36:41 PM

Last modified : 6/29/2004 9:10:07 PM

 

#:31 [sgmain.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 7-26-2004 3:36:46 PM

BasePriority : Normal

FileSize : 352 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC

FileDescription : SpywareGuard

InternalName : sgmain

OriginalFilename : sgmain.exe

ProductName : SpywareGuard

Created on : 8/30/2003 12:05:35 AM

Last accessed : 7/26/2004 3:36:45 PM

Last modified : 8/30/2003 12:05:35 AM

 

#:32 [webshots.scr]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-26-2004 3:36:50 PM

BasePriority : Normal

FileSize : 1912 KB

FileVersion : 2.0.0.4324

ProductVersion : 2.0.0.4324

Copyright : Copyright © 2003

CompanyName : Webshots.com

FileDescription : Webshots Photo Manager

InternalName : Webshots2

OriginalFilename : Webshots2.EXE

ProductName : The Webshots Desktop

Created on : 11/22/2003 5:03:14 PM

Last accessed : 7/26/2004 3:32:15 PM

Last modified : 10/30/2003 7:51:20 PM

 

#:33 [sgbhp.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 7-26-2004 3:36:53 PM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC.

FileDescription : SG Browser Hijacking Protection

InternalName : sgbhp

OriginalFilename : sgbhp.exe

ProductName : SG Browser Hijacking Protection

Created on : 8/29/2003 4:14:56 PM

Last accessed : 7/26/2004 3:20:30 PM

Last modified : 8/29/2003 4:14:56 PM

 

#:34 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 7-26-2004 3:37:15 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 4/10/2004 4:39:08 PM

Last accessed : 7/26/2004 3:37:14 PM

Last modified : 7/13/2003 3:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hosts file scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

12 entries scanned.

New objects :0

Objects found so far: 1

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

10:50:56 AM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:13:20:875

Objects scanned :156536

Objects identified :1

Objects ignored :0

New objects :1

 

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:55:34 AM, on 7/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Canon\BJCard\BJLaunch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\WINDOWS\webshots.scr

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/68528

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [bJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

 

 

 

:bounce:


Hi there,

 

That log looks a lot better, Adaware found 1 object, did you let it fix it?


yep.. I let it fix it. so far, no more popups or annoying stuff happening. Will let you peeps know if it does, though! :) Thanks again for all the help. Let me know if I can buy you a drink sometime. heh


You are very welcome :wave: Stay clean. To help you do that, do this:

 

To provide protection in the future, I would advise you to download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

 

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

 

Both are very small free programs that you run once, and then just weekly to check for updates.

 

And also see

So how did I get infected in the first place?


downloaded both of those already as soon as it happened. a little too late though. :) oh, and do you highly recommend a firewall? I have cable connection, but no knowledge or experience with a firewall.


I use Zone Alarm, you can get it from below my signature. It's free!!
