flip21

Members
  • Content Count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About flip21

  • Rank
    Member
  1. Would you help me? I hear a bell ring sometimes. One one user acct I think I may have a problem with dimsntfy; on another user acct it may be browseui.dll. I could have other problems too. If you are going to ask me to post a HiJackThis report, it seems in safe mode on the administrator's account that no HiJackThis is on that particular one. So I can't select or click on to go there. Maybe I'm not supposed to use administraror's account for HiJackThis. So I would need someone to tell me what I am doing wrong or if I just use the other non-administrator's accts? In the past I have tried to download LavaSoft but it won't load so I guess I need get more memory. Thanks Trojan, vius, or both? Bell ringing.
  2. Would someone please tell me how do I get rid of 2o7.net off my computer for good? Everytime I delete it it comes right back on. Accessed Task Manager to delete but was unable to determine what was what. Thank you. Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:[email protected]/ Expires : 5-18-2012 8:14:28 PM LastSync : Hits:9 UseCount : 0 Hits : 9
  3. First I want to thank you for your help. Bought McAfee, returned it due to not being able to use with free spyware programs and having to agree to 3rd party cookies. Can't find one that doesn't do this. Thinking about having hard drive reformatted, buy new VirusScan, and start all over. My computer is at times very slow, other times OK. Would you delete the part of HJ this that has the name on it or the whole post? I am new to this and didn't realize I should have manually deleted signature from the logfile. Thanks again.
  4. Not only is my computer loaded with spyware, I now get a pop up window that kicks me off of Firefox. I run Windows XP 2002, it runs slow. Would it help to reformat it? If so, does anyone have instructions on how to reformat? Thank you for your assistance.
  5. Yes I did run Ad-Aware prior to posting. Since then , one Anti-spyware program picked up 80 infected entries. I no longer hear drum rolls or piano playing which is great. Had trial version of McAfee that stopped working, said it was corrupted, so now regular McAfee is being sent. I'm hoping it will then be okay. If not I was thinking about having it reformatted. Thank you for helping. One question though. Does this forum normally make websites on the internet where by clicking in, all your posts and logs are shown? Is there anyway that I can delete all these posts on this forum when I am done?
  6. Whoops..here is the complete Adaware log Ad-Aware SE Build 1.06r1 Logfile Created on:Saturday, April 14, 2007 2:11:38 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R165 10.04.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):4 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 4/14/2007 2:11:38 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\{username}\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-842925246-688789844-1801674531-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-842925246-688789844-1801674531-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-842925246-688789844-1801674531-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 532 ThreadCreationTime : 4/14/2007 5:31:55 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\windows\system32\ ProcessID : 580 ThreadCreationTime : 4/14/2007 5:31:56 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\windows\system32\ ProcessID : 604 ThreadCreationTime : 4/14/2007 5:31:57 PM BasePriority : High #:4 [services.exe] FilePath : C:\windows\system32\ ProcessID : 648 ThreadCreationTime : 4/14/2007 5:31:57 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\windows\system32\ ProcessID : 660 ThreadCreationTime : 4/14/2007 5:31:57 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 812 ThreadCreationTime : 4/14/2007 5:31:57 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 872 ThreadCreationTime : 4/14/2007 5:31:58 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\windows\System32\ ProcessID : 964 ThreadCreationTime : 4/14/2007 5:31:58 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\windows\System32\ ProcessID : 1008 ThreadCreationTime : 4/14/2007 5:31:58 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\windows\System32\ ProcessID : 1116 ThreadCreationTime : 4/14/2007 5:31:59 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\windows\system32\ ProcessID : 1308 ThreadCreationTime : 4/14/2007 5:32:00 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [explorer.exe] FilePath : C:\windows\ ProcessID : 1536 ThreadCreationTime : 4/14/2007 5:32:07 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:13 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 1680 ThreadCreationTime : 4/14/2007 5:32:08 PM BasePriority : Normal FileVersion : 7.1 ProductVersion : QuickTime 7.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Computer, Inc. 1989-2006 OriginalFilename : QTTask.exe #:14 [jusched.exe] FilePath : C:\Program Files\Java\jre1.5.0_11\bin\ ProcessID : 1688 ThreadCreationTime : 4/14/2007 5:32:08 PM BasePriority : Normal #:15 [mcagent.exe] FilePath : C:\PROGRA~1\mcafee.com\agent\ ProcessID : 1708 ThreadCreationTime : 4/14/2007 5:32:09 PM BasePriority : Normal FileVersion : 6, 0, 0, 16 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 2005 McAfee, Inc. OriginalFilename : mcagent.exe #:16 [masalert.exe] FilePath : C:\progra~1\mcafee\MCAFEE~1\ ProcessID : 1724 ThreadCreationTime : 4/14/2007 5:32:09 PM BasePriority : Normal FileVersion : 2.1.0.112 ProductVersion : 2.1.0.112 ProductName : McAfee AntiSpyware CompanyName : McAfee, Inc. FileDescription : McAfee AntiSpyware Alert InternalName : MASAlert.exe LegalCopyright : 2005 © McAfee, Inc. All rights reserved. OriginalFilename : MASAlert.exe #:17 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 1732 ThreadCreationTime : 4/14/2007 5:32:09 PM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:18 [minimavis.exe] FilePath : C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\ ProcessID : 1780 ThreadCreationTime : 4/14/2007 5:32:09 PM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 2, 0, 0, 1 ProductName : Mavis Beacon Personal Coach v 2.0 CompanyName : TLC Education Properties LLC FileDescription : Mavis Beacon Personal Coach v 2.0 InternalName : MINIMAVIS LegalCopyright : Copyright © 2001 TLC Education Properties LLC OriginalFilename : MiniMavis.exe #:19 [wmtray.exe] FilePath : C:\Program Files\wmconnect\ ProcessID : 1792 ThreadCreationTime : 4/14/2007 5:32:09 PM BasePriority : Normal FileVersion : 6.02.001 ProductVersion : 6.02.001 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Tray Icon InternalName : WMTray LegalCopyright : Copyright © America Online, Inc. 1999 - 2001
  7. Ad-Aware SE Build 1.06r1 Logfile Created on:Saturday, April 14, 2007 9:07:30 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R165 10.04.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» None »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 4-14-2007 9:07:30 AM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 516 ThreadCreationTime : 4-14-2007 12:55:39 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\windows\system32\ ProcessID : 580 ThreadCreationTime : 4-14-2007 12:55:40 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\windows\system32\ ProcessID : 604 ThreadCreationTime : 4-14-2007 12:55:41 PM BasePriority : High #:4 [services.exe] FilePath : C:\windows\system32\ ProcessID : 648 ThreadCreationTime : 4-14-2007 12:55:41 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\windows\system32\ ProcessID : 660 ThreadCreationTime : 4-14-2007 12:55:41 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 820 ThreadCreationTime : 4-14-2007 12:55:42 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 868 ThreadCreationTime : 4-14-2007 12:55:42 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\windows\System32\ ProcessID : 960 ThreadCreationTime : 4-14-2007 12:55:43 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe]
  8. Hear piano being played and drum roll. What do I have? Please help. Thank you. Logfile of HijackThis v1.99.1 Scan saved at 10:34:44 AM, on 4/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe C:\Program Files\wmconnect\wmtray.exe C:\WINDOWS\system32\sol.exe C:\windows\System32\PackethSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\windows\system32\wscntfy.exe C:\windows\system32\wuauclt.exe C:\Program Files\wmconnect\wwm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\{username}~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis(2).zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AutoLoaderoF5o1LcLWIaX] "C:\WINDOWS\System32\mshav.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls" O4 - HKLM\..\Run: [AutoLoaderoF5e1LcLWIaX] "C:\WINDOWS\System32\jspssvc.exe" O4 - HKLM\..\Run: [vmcleaner] gxlib.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176075926217 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124556978478 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6C6CD3-83AF-456C-96A2-CC72C35B4023}: NameServer = 205.188.146.145 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\windows\System32\PackethSvc.exe
  9. I recently heard the sound of piano keys playing and a drum roll. So I definitely have an intruder. CAN ANYONE PLEASE HELP?
  10. I, too, am waiting. Posted a new Hijack this and haven't gotten any response in 7-8 days. Now I have something new on my computer where I hear piano keys being played and very very slow downloads.
  11. Here I think this is complete. ComboScan v20070306.20 run by {username} on 2007-04-05 at 15:51:28 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as {username].exe) -------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 3:51:31 PM, on 4/5/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe C:\Program Files\wmconnect\wmtray.exe C:\Program Files\wmconnect\wwm.exe C:\windows\System32\PackethSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\{username}\Desktop\comboscan(2).exe C:\DOCUME~1\{username}~1\LOCALS~1\Temp\TEMPOR~1.ZIP\{username}.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AutoLoaderoF5o1LcLWIaX] "C:\WINDOWS\System32\mshav.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls" O4 - HKLM\..\Run: [AutoLoaderoF5e1LcLWIaX] "C:\WINDOWS\System32\jspssvc.exe" O4 - HKLM\..\Run: [vmcleaner] gxlib.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124556978478 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6C6CD3-83AF-456C-96A2-CC72C35B4023}: NameServer = 205.188.146.145 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\windows\System32\PackethSvc.exe -- Files created between 2007-03-05 and 2007-04-05 ----------------------------- 2007-04-02 18:40:32 0 d-------- C:\Program Files\Common Files\Java 2007-03-25 18:24:24 0 d-------- C:\Documents and Settings\Miles\Application Data\Sun 2007-03-25 18:15:37 0 d-------- C:\Documents and Settings\Miles\Application Data\Lavasoft 2007-03-24 15:04:22 0 d-------- C:\Program Files\ACW 2007-03-19 16:39:12 3145728 --a------ C:\Documents and Settings\{username}\ntuser.dat 2007-03-17 20:30:41 0 d-------- C:\Program Files\Common Files\Knowledge Adventure<KNOWLE~1> 2007-03-17 20:30:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure<KNOWLE~1> -- Find3M Report --------------------------------------------------------------- 2007-04-05 15:29:18 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-04-05 14:35:24 0 d-------- C:\Program Files\wmconnect<WMCONN~1> 2007-04-02 19:13:42 4262 --a------ C:\windows\mozver.dat 2007-04-02 19:11:21 0 d-------- C:\Program Files\Java 2007-03-24 14:11:25 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-16 14:50:19 0 d-------- C:\Documents and Settings\{username}\Application Data\AdobeUM 2007-02-27 22:02:58 0 d-------- C:\Program Files\Grisoft -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe" "AutoLoaderoF5o1LcLWIaX"="\"C:\\WINDOWS\\System32\\mshav.exe\" /PC=\"CP.IST\" /ShowLegalNote=\"nonbranded\" /UninstallName=\"CtxPls\" " "AutoLoaderoF5e1LcLWIaX"="\"C:\\WINDOWS\\System32\\jspssvc.exe\" " "vmcleaner"="gxlib.exe" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ -- End of ComboScan: finished at 2007-04-05 at 15:51:53 ------------------------
  12. ComboScan v20070306.20 run by {username} on 2007-04-04 at 08:07:16 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as {username}.exe) -------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 8:07:23 AM, on 4/4/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe C:\Program Files\wmconnect\wmtray.exe C:\windows\System32\PackethSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\windows\system32\NOTEPAD.EXE C:\Program Files\wmconnect\wwm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings{username}\Desktop\comboscan(2).exe C:\DOCUME~1\{username}~1\LOCALS~1\Temp\TEMPOR~1.ZIP\{username}.exe C:\windows\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AutoLoaderoF5o1LcLWIaX] "C:\WINDOWS\System32\mshav.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls" O4 - HKLM\..\Run: [AutoLoaderoF5e1LcLWIaX] "C:\WINDOWS\System32\jspssvc.exe" O4 - HKLM\..\Run: [vmcleaner] gxlib.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124556978478 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6C6CD3-83AF-456C-96A2-CC72C35B4023}: NameServer = 205.188.146.145 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\windows\System32\PackethSvc.exe -- Files created between 2007-03-04 and 2007-04-04 -----------------------------
  13. After reading about gov't legislation I unfortunately went to the opt out of spyware site http://www.grc.com/oo/program.htm. Since that time I am unable to use either Disk Dregrag or disk cleanup. My previous high jack this report is: Logfile of HijackThis v1.99.1 Scan saved at 12:19:26 PM, on 2/19/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\windows\System32\PackethSvc.exe C:\Program Files\wmconnect\wwm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\{username}\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {17148321-8D1B-4F75-4E46-30E16B398180} - C:\windows\system32\d3gi.dll (file missing) O2 - BHO: Class - {1FA74F44-BE14-6F79-094E-4760D87A1B13} - C:\windows\system32\ieay32.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Class - {8EDEB261-7C44-2154-53C6-FA3DD5685210} - C:\windows\system32\ntfb32.dll (file missing) O2 - BHO: Class - {D83166BB-4B1E-E009-AEF4-286D350913CF} - C:\windows\ntwi.dll (file missing) O2 - BHO: Class - {EBB49CE8-D4FB-1C50-A113-897846C3735F} - C:\windows\ieig.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AutoLoaderoF5o1LcLWIaX] "C:\WINDOWS\System32\mshav.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls" O4 - HKLM\..\Run: [AutoLoaderoF5e1LcLWIaX] "C:\WINDOWS\System32\jspssvc.exe" O4 - HKLM\..\Run: [vmcleaner] gxlib.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124556978478 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6C6CD3-83AF-456C-96A2-CC72C35B4023}: NameServer = 205.188.146.145 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\windows\System32\PackethSvc.exe My current one is: Logfile of HijackThis v1.99.1 Scan saved at 1:36:52 PM, on 4/2/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe C:\Program Files\wmconnect\wmtray.exe C:\Program Files\wmconnect\wwm.exe C:\WINDOWS\system32\sol.exe C:\windows\System32\PackethSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Documents and Settings\{username}\Local Settings\Temp\Temporary Directory 3 for HijackThis(2).zip\HijackThis.exe C:\Documents and Settings\{username}\Local Settings\Temp\Temporary Directory 4 for HijackThis(2).zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AutoLoaderoF5o1LcLWIaX] "C:\WINDOWS\System32\mshav.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls" O4 - HKLM\..\Run: [AutoLoaderoF5e1LcLWIaX] "C:\WINDOWS\System32\jspssvc.exe" O4 - HKLM\..\Run: [vmcleaner] gxlib.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124556978478 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/M...0,2/mcmysec.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6C6CD3-83AF-456C-96A2-CC72C35B4023}: NameServer = 205.188.146.145 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\windows\System32\PackethSvc.exe Please help
  14. I can no longer access disk cleanup or empty my recycle bin. I have done all the steps on Microsoft help page to fix this and nothing works. Please help! I believe spyware has disabled it totally. I had gone to a site that said you could opt out of different spyware right before this was disabled.