[Fixed] Hijackthis! Logs - Can't load gmail, igoogle sign-in, hotmail, yahoo mail in IE, FF or Safari
#1 - joemck (New Poster) - 4 Weeks Ago

So for the past week I have not been able to load gmail, igoogle sign-in, yahoo mail, hotmail from Internet Explorer, Safari or Firefox.

I ran a complete Avast scan and found two worms in the restore file that I deleted after turning off the system restore. Didn't help.

I also ran runscanner, and have included that log.

I have now done all of the pre-work and have included those logs as well.

I would be sooooo grateful if someone could help me resolve this.

Thank you.

Here are the logs:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:55:29 PM 4/16/2008
+ Scan result:

C:\Documents and Settings\All Users\Documents\Downloads\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.exe -> Backdoor.Hupigon : No action taken.
C:\Documents and Settings\All Users\Documents\Downloads\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.zip/Nero7Keygen.exe -> Backdoor.Hupigon : No action taken.
C:\Documents and Settings\All Users\Documents\Downloads\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
:mozilla.100:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.98:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.99:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@nielsen.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.114:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.14:C:\Documents and Settings\iBcHiRo\Application Data\Thunderbird\Profiles\vwi7tqhe.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.104:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.9:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.12:C:\Documents and Settings\iBcHiRo\Application Data\Thunderbird\Profiles\vwi7tqhe.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.13:C:\Documents and Settings\iBcHiRo\Application Data\Thunderbird\Profiles\vwi7tqhe.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.130:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.11:C:\Documents and Settings\iBcHiRo\Application Data\Thunderbird\Profiles\vwi7tqhe.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.81:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.101:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.106:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.107:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.108:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.124:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.125:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.126:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.127:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.10:C:\Documents and Settings\iBcHiRo\Application Data\Thunderbird\Profiles\vwi7tqhe.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.75:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.76:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.122:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.95:C:\Documents and Settings\iBcHiRo\Application Data\Mozilla\Firefox\Profiles\y61bb25z.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\iBcHiRo\Cookies\ibchiro@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\WINDOWS\Temp\Cookies\ibchiro@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 04/16/2008 at 04:18 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:42:43
Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 6039
Registry threats detected : 0
File items scanned : 25154
File threats detected : 103
Adware.Tracking Cookie




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:30 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\GCALDaemon\bin\wrapper.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172040617181
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181950611804
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 10158 bytes




Runscanner logfile RunScanner freeware startup, hijack and malware analyzer
* = signed file
- = file not found
000 General info
----------------
Computer name : GATEWAY-RC83K7N
Creation time : 4/15/2008 4:22:29 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS
001 Running processes
---------------------
c:\windows\system32\1xconfig.exe (Intel)
* c:\program files\microsoft activesync\wcescomm.exe (Microsoft Corporation)
* c:\progra~1\micros~4\rapimgr.exe (Microsoft Corporation)
c:\windows\system32\aniserv.exe (Airgo Networks, Inc.)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
c:\windows\system32\s24evmon.exe (Intel Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
* c:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
* c:\program files\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* c:\program files\java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
c:\windows\system32\java.exe (Sun Microsystems, Inc.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\program files\windows live\messenger\usnsvc.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\ink\keyboardsurrogate.exe (Microsoft Corporation)
* c:\windows\system32\wisptis.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
* c:\program files\common files\microsoft shared\ink\tcserver.exe (Microsoft Corporation)
* c:\program files\microsoft office\office10\winword.exe (Microsoft Corporation)
* c:\program files\mozilla thunderbird\thunderbird.exe (Mozilla Corporation)
c:\program files\common files\new boundary\prismxl\prismxl.sys (New Boundary Technologies, Inc.)
c:\windows\system32\regsrvc.exe (Intel Corporation)
* c:\documents and settings\ibchiro\local settings\temporary internet files\content.ie5\wkg8ryxe\runscanner[1]\runscanner.exe (Runscanner.net)
c:\documents and settings\ibchiro\application data\thunderbird\profiles\vwi7tqhe.default\extensions\{83d1f945-8280-11db-96a7-00e08161165f}\spambayes\win\sbpython.exe
c:\program files\mozilla.org\seamonkey\seamonkey.exe (mozilla.org)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
* c:\program files\sygate\spf\smc.exe (Sygate Technologies, Inc.)
* c:\windows\system32\tabbtnu.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\program files\windows live\messenger\msnmsgr.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
c:\program files\gcaldaemon\bin\wrapper.exe
c:\windows\system32\zcfgsvc.exe (Intel Corporation)
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
c:\program files\intel\prosetwireless\ncs\proset\pronomgr.exe (Intel(R) Corporation)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe (Scansoft, Inc.)
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\mozilla.org\seamonkey\seamonkey.exe (mozilla.org)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\windows\system32\aniserv.exe (Airgo Networks NIC Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\program files\gcaldaemon\bin\wrapper.exe (GCALDaemon)
c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
c:\program files\common files\new boundary\prismxl\prismxl.sys (PrismXL)
c:\windows\system32\regsrvc.exe (RegSrvc)
c:\windows\system32\s24evmon.exe (Spectrum24 Event Monitor)
* c:\program files\sygate\spf\smc.exe (Sygate Personal Firewall)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\mdc8021x.sys (AEGIS Protocol (IEEE 802.1x) v2.2.1.0)
* C:\WINDOWS\system32\drivers\aswfsblk.sys (aswFsBlk)
* c:\windows\system32\drivers\aswrdr.sys (aswRdr)
* c:\windows\system32\drivers\aavmker4.sys (avast! Asynchronous Virus Monitor)
* c:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
* c:\windows\system32\drivers\aswsp.sys (avast! Self Protection)
* c:\windows\system32\drivers\aswmon2.sys (avast! Standard Shield Support)
- c:\windows\system32\drivers\changer.sys (Changer)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
* c:\windows\system32\drivers\wg3n.sys (SyGate for NT, wg3n)
* c:\windows\system32\drivers\wg4n.sys (SyGate for NT, wg4n)
* c:\windows\system32\drivers\wg5n.sys (SyGate for NT, wg5n)
* c:\windows\system32\drivers\wg6n.sys (SyGate for NT, wg6n)
C:\WINDOWS\system32\drivers\teefer.sys (Teefer for NT)
- c:\windows\system32\drivers\wdica.sys (WDICA)
C:\WINDOWS\system32\drivers\s24trans.sys (WLAN Transport)
c:\windows\system32\wniprot5.sys (WNIPROT5 Protocol Driver)
c:\windows\system32\drivers\wpsdrvnt.sys (wpsdrvnt)
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\common files\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
047 Trusted zones
-----------------
Zone: Google : https://www.google.com
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
c:\windows\autolo~1\al2dll.dll (Fineart) {DC200356-0864-4F66-8964-5D43A19300F5}
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\program files\easy cd-da extractor 10\ezcddax10.dll {46E22146-59C0-4136-9233-FB7720E777B2}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\lgnotify.dll (Intel Corporation)
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\WINDOWS\system32\jnwmon.dll (Microsoft Corporation)
C:\WINDOWS\system32\pdfcmnnt.dll
C:\WINDOWS\system32\primomonnt.dll
C:\WINDOWS\system32\_pdfxp.dll
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\downloaded program files\imageuploader4.ocx (The Facebook) {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&ieSpell Options : res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
Check &Spelling : res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
Lookup on Merriam Webster : file://C:\Program Files\ieSpell\Merriam Webster.HTM
Lookup on Wikipedia : file://C:\Program Files\ieSpell\wikipedia.HTM
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\easy cd-da extractor 10\ezcddax10.dll {46E22146-59C0-4136-9233-FB7720E777B2}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\easy cd-da extractor 10\ezcddax10.dll {46E22146-59C0-4136-9233-FB7720E777B2}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

  #2  
Old 4 Weeks Ago
Zachary's Avatar
Mod Squad!
My PC
 
Posts: 736
PC Experience: Experienced
Location: San Antonio, TX
Default Re: Can't load gmail, igoogle sign-in, hotmail, yahoo mail in IE, FF or Safari - Hija

Hi Joemck & welcome to PC Help Forum!
Just a note that we don't provide support for the program "Runscanner" here.
Otherwise our security staff should be around soon and they'll review your logs.

  #3  
Old 3 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,621
PC Experience: Elite PC Guru
Location: Victoria, Australia
Default Re: Can't load gmail, igoogle sign-in, hotmail, yahoo mail in IE, FF or Safari - Hija

Unless it's new to me I don't see any kind of malware, but let's have a look anyway.



Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst trained in the use of Combofix.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
My real name is Eddy
  #4  
Old 3 Weeks Ago
joemck's Avatar
New Poster
 
Posts: 2
PC Experience: Experienced
Default Re: Can't load gmail, igoogle sign-in, hotmail, yahoo mail in IE, FF or Safari - Hija

Pancake ... Thank you.

After removing two worm files, running the CClean and antispyware fix software it still wasn't fixed, but the laptop froze the other day and I had to take the battery out to restart. On restart, it was fixed.

Thanks again.

  #5  
Old 3 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,621
PC Experience: Elite PC Guru
Location: Victoria, Australia
Default Re: Can't load gmail, igoogle sign-in, hotmail, yahoo mail in IE, FF or Safari - Hija

OK. No problem.

__________________
My real name is Eddy