Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HIJACKTHIS LOG and A SQUARED TEST

by sujoy » January 9th, 2007, 4:54 pm

This is the result of running HJT... can you suggest what to do?

Logfile of HijackThis v1.99.1
Scan saved at 7:40:08 AM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\ABAQUS\Documentation\monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ABAQUS\Documentation\monitor.exe
C:\UGS180\plot\ugiipqd.exe
C:\UGS180\UGFLEXlm\lmgrd.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\UGS180\UGFLEXLM\uglmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\SOFTWARES 2\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.tu-dresden.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Ekushey Bangla KB.lnk = C:\Program Files\Ekushey\Ekushey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://labview.ni.demoservers.com/proxy/srdp.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CCBFEA-F035-4387-9DAB-2F847D5BC149}: NameServer = 141.30.230.3,141.30.66.135
O18 - Protocol: bw+0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {210D7336-A6D5-46C1-B551-7DA4D6934254} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\ABAQUS\License\lmgrd.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\ABAQUS\Documentation\monitor.exe
O23 - Service: Unigraphics Plot Server (ugiipqd) (ugiipqd) - Unigraphics Solutions Inc. - C:\UGS180\plot\ugiipqd.exe
O23 - Service: Unigraphics License Server (uglmd) - GLOBEtrotter Software Inc. - C:\UGS180\UGFLEXlm\lmgrd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Before running HJT, I had run the a-squared test...


a-squared Free - Version 2.1

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 1/9/2007 5:00:57 AM

Value: HKEY_CURRENT_USER\Software\FunWebProducts\Settings\Yahoo --> SessionCount detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\FunWebProducts\Settings\Yahoo --> SessionTimestamp detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> WatchDog detected: Trace.Registry.WatchDog v8.5
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:51 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:73 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:500 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:501 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:502 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:503 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:504 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:512 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:513 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:530 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:539 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:545 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:554 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:555 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:629 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:650 detected: Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:651 detected: Trace.TrackingCookie
C:\National Instruments Downloads\LabVIEW\8.2\Products\LabVIEW_Help_82EN\LVHelp.msi\mib.cab/companionparentu.dll.F9CF0BE2_331E_428C_933A_16EC64E80347 detected: Adware.Win32.Comet.at
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll detected: Adware.Win32.MyWebSearch.i
C:\Program Files\MSN Messenger\riched20.dll detected: Adware.Win32.MyWebSearch

Scanned

Files: 303652
Traces: 93160
Cookies: 716
Processes: 49

Found

Files: 3
Traces: 37
Cookies: 17
Processes: 0
Registry keys: 0

Scan end: 1/9/2007 6:28:35 AM
Scan time: 1:27:38 AM

C:\Program Files\MSN Messenger\riched20.dll Deleted Adware.Win32.MyWebSearch
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Deleted Adware.Win32.MyWebSearch.i
C:\National Instruments Downloads\LabVIEW\8.2\Products\LabVIEW_Help_82EN\LVHelp.msi\mib.cab/companionparentu.dll.F9CF0BE2_331E_428C_933A_16EC64E80347 Deleted Adware.Win32.Comet.at
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:51 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:73 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:500 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:501 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:502 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:503 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:504 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:512 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:513 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:530 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:539 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:545 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:554 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:555 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:629 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:650 Deleted Trace.TrackingCookie
C:\Documents and Settings\Computer 5\Application Data\Mozilla\Firefox\Profiles\k8f0zfyl.default\cookies.txt:651 Deleted Trace.TrackingCookie
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> WatchDog Deleted Trace.Registry.WatchDog v8.5
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar
Value: HKEY_CURRENT_USER\Software\FunWebProducts\Settings\Yahoo --> SessionCount Deleted Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\FunWebProducts\Settings\Yahoo --> SessionTimestamp Deleted Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Deleted Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Deleted Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Deleted Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Deleted Trace.Registry.MyWebSearch Toolbar

Deleted

Files: 0
Traces: 6
Cookies: 0


I have not made any corrections after the HJT test.
sujoy
Active Member
 
Posts: 7
Joined: January 8th, 2007, 4:57 pm

HIJACKTHIS LOG and A SQUARED TEST contd...

Unread postby sujoy » January 9th, 2007, 5:33 pm

I had ZoneAlarm, which used to scan for spyware and adware but never found anything. Then one day I ran Spybot and found that I had quite a few spyware and adware programs. Spybot cleared them all.
Then, after reading some of the articles in the forum, I ran Spyware Guard (SG), Spyware Blaster and the AVG Spyware remover tool (free). The AVG spyware tool discovered some errors again and I corrected them. They were mainly tracking cookies and 6 registry changes, which it recommended be quarantined. I had also run Trojan Hunter, which again discovered quite a few of them, which it removed. Later on I removed all of that software, as I read that there can be cases of conflict which may result in the system crashing.

What happened to the files quarantined by the AVG Spyware test after I removed it? During uninstallation, it asked whether to remove them and I chose 'no'. Do I need to run that test again?

Later I ran the A-squared test (which again discovered some errors, which I corrected) once, followed by HijackThis. The logs are given below. I uninstalled them as well after the scans.

Now I have ZoneAlarm and the free version of AVG antivirus, along with Spybot.

Can you tell me which antivirus and antispyware programs are compatible? I have no problems with the above 3. Should I install anything else?
sujoy
Active Member
 
Posts: 7
Joined: January 8th, 2007, 4:57 pm

Unread postby askey127 » January 10th, 2007, 7:30 pm

Hi sujoy,
Please allow me to save the answers to your questions until later.
The reason you have had no responses to your post is that you answered your own post.
Helpers look for posts with zero responses.
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Logitech
Logitech Desktop messenger
Desktop Messenger

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Download and install CCleaner from here.
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button. Check "Only delete files in Windows Temp folders older than 48 hours".

-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis.
Click Scan. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
Tell me what problems you are having with your machine.
askey127
Admin/Teacher
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby sujoy » January 12th, 2007, 1:56 am

Thank you for the reply.

There is one issue. I had installed my webcam... it was from Logitech. So I did not delete the Logitech cam driver, which I found under the Add/Remove Programs menu in the Control Panel. I only deleted the Logitech Desktop Messenger, as I do not use it either.

The HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:41 AM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\svchost.exe
C:\ABAQUS\Documentation\monitor.exe
C:\UGS180\plot\ugiipqd.exe
C:\ABAQUS\Documentation\monitor.exe
C:\UGS180\UGFLEXlm\lmgrd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\UGS180\UGFLEXLM\uglmd.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\SOFTWARES 2\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.tu-dresden.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SOFTWA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://labview.ni.demoservers.com/proxy/srdp.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CCBFEA-F035-4387-9DAB-2F847D5BC149}: NameServer = 141.30.230.3,141.30.66.135
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\ABAQUS\License\lmgrd.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Texis Monitor - Expansion Programs International, Inc. - C:\ABAQUS\Documentation\monitor.exe
O23 - Service: Unigraphics Plot Server (ugiipqd) (ugiipqd) - Unigraphics Solutions Inc. - C:\UGS180\plot\ugiipqd.exe
O23 - Service: Unigraphics License Server (uglmd) - GLOBEtrotter Software Inc. - C:\UGS180\UGFLEXlm\lmgrd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


What should I do next?
sujoy
Active Member
 
Posts: 7
Joined: January 8th, 2007, 4:57 pm

Unread postby askey127 » January 12th, 2007, 7:46 am

sujoy,
There is not much I can see wrong with your log.
You have not stated any particular defect or behavior we need to look for.
This is a work computer, it appears, and has a lot of programs running at one time.
If you would like me to look further, I will be glad to do so.
-----------------------------------------------------------
You have a lot of toolbars and IE helpers installed. They are legitimate programs, but the collective effect may be to slow things down.
-----------------------------------------------------------
You can get rid of this last entry from MyWebSearch:
Remove log item with HijackThis. Start HijackThis.
Click Scan. When the Scan is complete, Check the following entry:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZS
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Install WinPatrol - Download and Install WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system. It also provides selective cookie management.
You can choose not to run it full time if you wish, but you may want to use it to remove some of the toolbars and IE "helpers".

Let me know how I can help.
askey127
Admin/Teacher
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
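
The review in the reply above (many toolbars and IE helpers, one leftover MyWebSearch context-menu item) can be pre-sorted with a small script before a human reads the log. This is an added example, not part of the original thread and not a HijackThis feature; the function names, flag labels and watch-term list are assumptions, and the sample lines are excerpted from the log posted above. Flags are triage hints for a reviewer, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Sample input: a few lines excerpted from the HijackThis log posted above,
# embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:41:41 AM, on 1/12/2007

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZS
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\ABAQUS\License\lmgrd.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

# A log entry is a section code (R0, O2, O23, ...) followed by " - " and the entry text.
# Header lines and the process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text, watch_terms=()):
    """Parse HijackThis entry lines and attach reviewer hints (hypothetical labels)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["code"], m["body"])
        lowered = entry.body.lower()
        # The log itself marks entries whose target file was not found on disk.
        if lowered.endswith("(file missing)"):
            entry.flags.append("file-missing")
        # Service lines carry a vendor field; the log prints "Unknown owner" when it has none.
        if entry.code == "O23" and " - unknown owner - " in lowered:
            entry.flags.append("unknown-owner")
        # Caller-supplied substrings, e.g. a product the helper has already asked to remove.
        for term in watch_terms:
            if term.lower() in lowered:
                entry.flags.append(f"watch:{term}")
        entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per section and collect the ones that need a closer look."""
    by_code = Counter(e.code for e in entries)
    return {
        "by_code": dict(by_code),
        # O2 (BHO) and O3 (Toolbar) lines are the browser helpers and toolbars.
        "browser_addons": by_code["O2"] + by_code["O3"],
        "flagged": [e for e in entries if e.flags],
    }


if __name__ == "__main__":
    report = summarize(parse_hjt(SAMPLE_LOG, watch_terms=("mywebsearch",)))
    print("entries per section:", report["by_code"])
    print("browser add-ons (O2 + O3):", report["browser_addons"])
    for e in report["flagged"]:
        print(f"{e.code} {e.flags}: {e.body}")
```
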

Unread postby sujoy » January 13th, 2007, 8:34 am

Thank you very much for the help.

Can you tell me one more thing... which of these antispyware programs are compatible with ZA and AVG? I also have Spybot.

Is anything else needed?

Thank you a lot.
sujoy
Active Member
 
Posts: 7
Joined: January 8th, 2007, 4:57 pm

Unread postby askey127 » January 13th, 2007, 12:10 pm

sujoy,
In this case I think this one would be a good bet for compatibility and effectiveness. Notice this is NOT the same as your AVG antivirus.
It is a 30 day free trial and is a good idea regardless of whether you choose to purchase the program or not. If you choose to keep it as a free program, the updates will have to be done manually after the 30 day trial period. The program is not very expensive to purchase though, and a good value.
------------------------------------------------
Download, Update, and Initialize AVG AntiSpyware
You can download it from here : http://www.ewido.net/en/download/
1. After download, double click on the file to launch the install process.
2. Choose a language, click OK and then click Next.
3. Read the License Agreement and click I Agree.
4. Accept the default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click Next, then click Install.
5. After setup completes, click Finish to start the program automatically,
or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.

Scan with AVG Anti-Spyware as follows:
Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?" check all (default).
- Under "Possibly unwanted software" check all (default).
- Under "What to Scan?" make sure "Scan every file" is selected (default).
( You won't have to make these settings but once.)
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning.
If Explorer or other programs are open during the scan that means certain files will also be in use.
Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used.
This can hamper AVG Anti-Spyware's ability to clean properly.

- When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

Now the resident shield will protect against incoming malware.
(You may have to give permissions to both ZoneAlarm and WinPatrol while you install and update it).

askey127
Admin/Teacher
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby sujoy » January 14th, 2007, 5:13 pm

Thank you a lot for the help...
sujoy
Active Member
 
Posts: 7
Joined: January 8th, 2007, 4:57 pm

Unread postby askey127 » January 14th, 2007, 7:30 pm

-------------------------------------------------------
Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA