Google searches hi-jacked, extremely sluggish browsing



#1
Mr WilliamR

Mr WilliamR

    New Member

  • Member
  • Pip
  • 6 posts
Hi there, much, MUCH appreciation in advance.

I have gone through and done the "before posting" checklist already and still my internet browsing is excruciatingly slow and sometimes will freeze up altogether.
When searching for something via Google, 99% of the time when I click on a result, it will re-direct me to a completely different site, usually another search engine.
I have no pop-ups or anything so I don't know the name of this problem.
Any help is greatly welcomed and appreciated.

Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:36 a.m., on 5/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Anti-Spyware\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05F58D31-3005-6258-9E21-F75F478C6523} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1022D6A6-AAF4-9850-B1C0-C2130FA14266} - (no file)
O2 - BHO: (no name) - {121F909F-63E6-4149-0E42-9847B49E14A9} - (no file)
O2 - BHO: (no name) - {236A52A4-0D6B-4284-F174-EB78C9872A68} - (no file)
O2 - BHO: (no name) - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - (no file)
O2 - BHO: (no name) - {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF} - (no file)
O2 - BHO: (no name) - {38CEDDF6-5A0C-5373-6792-145800350CE4} - (no file)
O2 - BHO: (no name) - {41F82625-72B4-2D8E-C0AC-A45588323986} - (no file)
O2 - BHO: (no name) - {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {5124EE7F-A8D3-8173-AEAF-0C210143DA6C} - (no file)
O2 - BHO: (no name) - {59122927-ABCF-E69F-DB02-C457182969EF} - (no file)
O2 - BHO: (no name) - {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {646D843D-7CDF-78F8-2D9D-391E871C2089} - (no file)
O2 - BHO: (no name) - {6D48F634-DFAF-1764-FBD6-1DD58A4594FD} - (no file)
O2 - BHO: (no name) - {7148321E-D1B0-F759-E463-0E16B398180E} - (no file)
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O2 - BHO: (no name) - {7FB15402-3DBF-DFA6-E204-388D57FD127F} - (no file)
O2 - BHO: (no name) - {827CDFA8-77CD-EDA5-3DCB-A73515055C0A} - (no file)
O2 - BHO: (no name) - {8F9B2C39-5E98-0211-561A-AEDCBB6499FB} - (no file)
O2 - BHO: (no name) - {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6} - (no file)
O2 - BHO: (no name) - {A0FBF6A7-DE21-3235-7B76-A7427D953750} - (no file)
O2 - BHO: (no name) - {A1D56233-FA14-4789-8762-29B592A0119B} - (no file)
O2 - BHO: (no name) - {A6487937-196E-FBA8-F97C-E10CCE67B49B} - (no file)
O2 - BHO: (no name) - {B4D8184A-4785-57D4-EDD1-1207CD1270E9} - (no file)
O2 - BHO: (no name) - {B8460335-3BB1-0C22-657E-91A1AF013E8D} - (no file)
O2 - BHO: (no name) - {BD56529E-6F6C-5962-2404-C183F261B848} - (no file)
O2 - BHO: (no name) - {CBAEB624-5138-E8C4-E7EF-A6698175DD54} - (no file)
O2 - BHO: (no name) - {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B} - (no file)
O2 - BHO: (no name) - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - (no file)
O2 - BHO: (no name) - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - (no file)
O2 - BHO: (no name) - {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O2 - BHO: (no name) - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - (no file)
O2 - BHO: (no name) - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - (no file)
O2 - BHO: (no name) - {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8} - (no file)
O2 - BHO: (no name) - {FC63F231-14C0-2872-4514-264B57E8F5C1} - (no file)
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - (no file)
O2 - BHO: (no name) - {FD7AC463-E600-75AD-15E6-87072089913C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000un...mCity3TeleX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C490DCD-92DC-42F4-8292-C25F1BA4818D}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB51EB9-2198-4A5C-A219-5697CEC76A49}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks again everyone, I look forward to getting this sorted :whistling:

Regards

William
  • 0



#2
jurgenv

jurgenv

    Visiting Staff

  • Visiting Consultant
  • 230 posts
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
  • 0

#3
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
Hello Mr WilliamR and Welcome to Geeks To Go!

I'm looking through your log now, and will post back soon.

Edit
I see you are in good hands with jurgenv :whistling:

Edited by Kenny94, 04 February 2007 - 08:41 AM.

  • 0

#4
Mr WilliamR

Mr WilliamR

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi thanks heaps for the speedy replies!

I've done as requested:

Fixwareout log:


Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values

»»»»» System restarted
Reg Entries that were deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm"
...
Random Runs removed from HKLM
...
"C:\Documents and Settings\Owner\Application Data\Install.dat" Deleted

»»»»» Misc files.

»»»»» Checking for older varients.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"System"=""
»»»»»

PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"RecordNow!"=""

Hosts file was reset, If you use a custom hosts file please replace it




New HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:24 a.m., on 5/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Anti-Spyware\HijackThis.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05F58D31-3005-6258-9E21-F75F478C6523} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1022D6A6-AAF4-9850-B1C0-C2130FA14266} - (no file)
O2 - BHO: (no name) - {121F909F-63E6-4149-0E42-9847B49E14A9} - (no file)
O2 - BHO: (no name) - {236A52A4-0D6B-4284-F174-EB78C9872A68} - (no file)
O2 - BHO: (no name) - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - (no file)
O2 - BHO: (no name) - {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF} - (no file)
O2 - BHO: (no name) - {38CEDDF6-5A0C-5373-6792-145800350CE4} - (no file)
O2 - BHO: (no name) - {41F82625-72B4-2D8E-C0AC-A45588323986} - (no file)
O2 - BHO: (no name) - {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {5124EE7F-A8D3-8173-AEAF-0C210143DA6C} - (no file)
O2 - BHO: (no name) - {59122927-ABCF-E69F-DB02-C457182969EF} - (no file)
O2 - BHO: (no name) - {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {646D843D-7CDF-78F8-2D9D-391E871C2089} - (no file)
O2 - BHO: (no name) - {6D48F634-DFAF-1764-FBD6-1DD58A4594FD} - (no file)
O2 - BHO: (no name) - {7148321E-D1B0-F759-E463-0E16B398180E} - (no file)
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O2 - BHO: (no name) - {7FB15402-3DBF-DFA6-E204-388D57FD127F} - (no file)
O2 - BHO: (no name) - {827CDFA8-77CD-EDA5-3DCB-A73515055C0A} - (no file)
O2 - BHO: (no name) - {8F9B2C39-5E98-0211-561A-AEDCBB6499FB} - (no file)
O2 - BHO: (no name) - {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6} - (no file)
O2 - BHO: (no name) - {A0FBF6A7-DE21-3235-7B76-A7427D953750} - (no file)
O2 - BHO: (no name) - {A1D56233-FA14-4789-8762-29B592A0119B} - (no file)
O2 - BHO: (no name) - {A6487937-196E-FBA8-F97C-E10CCE67B49B} - (no file)
O2 - BHO: (no name) - {B4D8184A-4785-57D4-EDD1-1207CD1270E9} - (no file)
O2 - BHO: (no name) - {B8460335-3BB1-0C22-657E-91A1AF013E8D} - (no file)
O2 - BHO: (no name) - {BD56529E-6F6C-5962-2404-C183F261B848} - (no file)
O2 - BHO: (no name) - {CBAEB624-5138-E8C4-E7EF-A6698175DD54} - (no file)
O2 - BHO: (no name) - {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B} - (no file)
O2 - BHO: (no name) - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - (no file)
O2 - BHO: (no name) - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - (no file)
O2 - BHO: (no name) - {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O2 - BHO: (no name) - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - (no file)
O2 - BHO: (no name) - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - (no file)
O2 - BHO: (no name) - {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8} - (no file)
O2 - BHO: (no name) - {FC63F231-14C0-2872-4514-264B57E8F5C1} - (no file)
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - (no file)
O2 - BHO: (no name) - {FD7AC463-E600-75AD-15E6-87072089913C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000un...mCity3TeleX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C490DCD-92DC-42F4-8292-C25F1BA4818D}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB51EB9-2198-4A5C-A219-5697CEC76A49}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Thanks again

Regards
William
  • 0

#5
jurgenv

jurgenv

    Visiting Staff

  • Visiting Consultant
  • 230 posts
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version.
* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Open HijackThis and put a check next to the following:
===================================================
O2 - BHO: (no name) - {05F58D31-3005-6258-9E21-F75F478C6523} - (no file)
O2 - BHO: (no name) - {1022D6A6-AAF4-9850-B1C0-C2130FA14266} - (no file)
O2 - BHO: (no name) - {121F909F-63E6-4149-0E42-9847B49E14A9} - (no file)
O2 - BHO: (no name) - {236A52A4-0D6B-4284-F174-EB78C9872A68} - (no file)
O2 - BHO: (no name) - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - (no file)
O2 - BHO: (no name) - {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF} - (no file)
O2 - BHO: (no name) - {38CEDDF6-5A0C-5373-6792-145800350CE4} - (no file)
O2 - BHO: (no name) - {41F82625-72B4-2D8E-C0AC-A45588323986} - (no file)
O2 - BHO: (no name) - {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {5124EE7F-A8D3-8173-AEAF-0C210143DA6C} - (no file)
O2 - BHO: (no name) - {59122927-ABCF-E69F-DB02-C457182969EF} - (no file)
O2 - BHO: (no name) - {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {646D843D-7CDF-78F8-2D9D-391E871C2089} - (no file)
O2 - BHO: (no name) - {6D48F634-DFAF-1764-FBD6-1DD58A4594FD} - (no file)
O2 - BHO: (no name) - {7148321E-D1B0-F759-E463-0E16B398180E} - (no file)
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O2 - BHO: (no name) - {7FB15402-3DBF-DFA6-E204-388D57FD127F} - (no file)
O2 - BHO: (no name) - {827CDFA8-77CD-EDA5-3DCB-A73515055C0A} - (no file)
O2 - BHO: (no name) - {8F9B2C39-5E98-0211-561A-AEDCBB6499FB} - (no file)
O2 - BHO: (no name) - {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6} - (no file)
O2 - BHO: (no name) - {A0FBF6A7-DE21-3235-7B76-A7427D953750} - (no file)
O2 - BHO: (no name) - {A1D56233-FA14-4789-8762-29B592A0119B} - (no file)
O2 - BHO: (no name) - {A6487937-196E-FBA8-F97C-E10CCE67B49B} - (no file)
O2 - BHO: (no name) - {B4D8184A-4785-57D4-EDD1-1207CD1270E9} - (no file)
O2 - BHO: (no name) - {B8460335-3BB1-0C22-657E-91A1AF013E8D} - (no file)
O2 - BHO: (no name) - {BD56529E-6F6C-5962-2404-C183F261B848} - (no file)
O2 - BHO: (no name) - {CBAEB624-5138-E8C4-E7EF-A6698175DD54} - (no file)
O2 - BHO: (no name) - {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B} - (no file)
O2 - BHO: (no name) - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - (no file)
O2 - BHO: (no name) - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - (no file)
O2 - BHO: (no name) - {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O2 - BHO: (no name) - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - (no file)
O2 - BHO: (no name) - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - (no file)
O2 - BHO: (no name) - {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8} - (no file)
O2 - BHO: (no name) - {FC63F231-14C0-2872-4514-264B57E8F5C1} - (no file)
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - (no file)
O2 - BHO: (no name) - {FD7AC463-E600-75AD-15E6-87072089913C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C490DCD-92DC-42F4-8292-C25F1BA4818D}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB51EB9-2198-4A5C-A219-5697CEC76A49}: NameServer = 85.255.116.76,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.76 85.255.112.197

===================================================
* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis

* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new HijackThis log here with the report of AVG Anti-Spyware. :whistling:
  • 0
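
An added example, not part of the original thread or of any tool mentioned in it: a small Python reviewer that pulls out of a HijackThis log the two kinds of entry selected for fixing in the post above (O2 BHO lines listed with "(no file)" and O17 NameServer values), then compares a before and after log to show which of them are still present. The function names are hypothetical, the GUIDs and addresses in the sample logs are constructed, and the set of expected resolvers is an assumption the caller supplies.

```python
import re

# One HijackThis entry line: section code (R0, O2, O17, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O17 body: "<registry key>: NameServer = <servers separated by comma or space>"
DNS_RE = re.compile(r"^(?P<key>HK\w+\\.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log_text):
    """Yield (code, body) for each entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def review(log_text, expected_dns):
    """Return BHO CLSIDs listed with '(no file)' and NameServer values not in expected_dns."""
    orphan_bhos, unexpected_dns = [], {}
    for code, body in parse_entries(log_text):
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group("target") == "(no file)":
                orphan_bhos.append(m.group("clsid").upper())
        elif code == "O17":
            m = DNS_RE.match(body)
            if m:
                # HijackThis shows both "a,b" and "a b" forms, as in the logs above.
                servers = re.split(r"[,\s]+", m.group("servers").strip())
                odd = [s for s in servers if s not in expected_dns]
                if odd:
                    unexpected_dns[m.group("key")] = odd
    return {"orphan_bhos": orphan_bhos, "unexpected_dns": unexpected_dns}


def still_present(before, after, expected_dns):
    """Entries flagged in the first log that are flagged again in the second."""
    b, a = review(before, expected_dns), review(after, expected_dns)
    return {
        "orphan_bhos": [c for c in b["orphan_bhos"] if c in a["orphan_bhos"]],
        "unexpected_dns": sorted(k for k in b["unexpected_dns"]
                                 if k in a["unexpected_dns"]),
    }


# Constructed sample logs (placeholder GUIDs, documentation-range addresses).
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000A1} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000B2} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000C3} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-0000000000D4}: NameServer = 192.0.2.10,192.0.2.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.10 192.0.2.11
"""

SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000A1} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000B2} - C:\Program Files\Example\helper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.53
"""

# Assumption: the resolver this machine is supposed to use (constructed value).
EXPECTED_DNS = {"198.51.100.53"}

if __name__ == "__main__":
    print(review(SAMPLE_BEFORE, EXPECTED_DNS))
    print(still_present(SAMPLE_BEFORE, SAMPLE_AFTER, EXPECTED_DNS))
```

Run against two consecutive logs from the same machine, `still_present` gives a quick check of whether the entries ticked in HijackThis were actually removed.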

#6
Mr WilliamR

Mr WilliamR

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks again for the quick reply.

My new HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:28:39 p.m., on 5/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Anti-Spyware\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05F58D31-3005-6258-9E21-F75F478C6523} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1022D6A6-AAF4-9850-B1C0-C2130FA14266} - (no file)
O2 - BHO: (no name) - {121F909F-63E6-4149-0E42-9847B49E14A9} - (no file)
O2 - BHO: (no name) - {236A52A4-0D6B-4284-F174-EB78C9872A68} - (no file)
O2 - BHO: (no name) - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - (no file)
O2 - BHO: (no name) - {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF} - (no file)
O2 - BHO: (no name) - {38CEDDF6-5A0C-5373-6792-145800350CE4} - (no file)
O2 - BHO: (no name) - {41F82625-72B4-2D8E-C0AC-A45588323986} - (no file)
O2 - BHO: (no name) - {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {5124EE7F-A8D3-8173-AEAF-0C210143DA6C} - (no file)
O2 - BHO: (no name) - {59122927-ABCF-E69F-DB02-C457182969EF} - (no file)
O2 - BHO: (no name) - {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7} - (no file)
O2 - BHO: (no name) - {5E401E95-F815-BE2D-118F-4939794C5869} - (no file)
O2 - BHO: (no name) - {646D843D-7CDF-78F8-2D9D-391E871C2089} - (no file)
O2 - BHO: (no name) - {6D48F634-DFAF-1764-FBD6-1DD58A4594FD} - (no file)
O2 - BHO: (no name) - {7148321E-D1B0-F759-E463-0E16B398180E} - (no file)
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O2 - BHO: (no name) - {7FB15402-3DBF-DFA6-E204-388D57FD127F} - (no file)
O2 - BHO: (no name) - {827CDFA8-77CD-EDA5-3DCB-A73515055C0A} - (no file)
O2 - BHO: (no name) - {8F9B2C39-5E98-0211-561A-AEDCBB6499FB} - (no file)
O2 - BHO: (no name) - {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6} - (no file)
O2 - BHO: (no name) - {A0FBF6A7-DE21-3235-7B76-A7427D953750} - (no file)
O2 - BHO: (no name) - {A1D56233-FA14-4789-8762-29B592A0119B} - (no file)
O2 - BHO: (no name) - {A6487937-196E-FBA8-F97C-E10CCE67B49B} - (no file)
O2 - BHO: (no name) - {B4D8184A-4785-57D4-EDD1-1207CD1270E9} - (no file)
O2 - BHO: (no name) - {B8460335-3BB1-0C22-657E-91A1AF013E8D} - (no file)
O2 - BHO: (no name) - {BD56529E-6F6C-5962-2404-C183F261B848} - (no file)
O2 - BHO: (no name) - {CBAEB624-5138-E8C4-E7EF-A6698175DD54} - (no file)
O2 - BHO: (no name) - {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B} - (no file)
O2 - BHO: (no name) - {CFC69D80-D884-9E2A-507A-6B067ADD8506} - (no file)
O2 - BHO: (no name) - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - (no file)
O2 - BHO: (no name) - {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O2 - BHO: (no name) - {F322AB0B-621C-11A3-B1AE-7A7FC2B40350} - (no file)
O2 - BHO: (no name) - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - (no file)
O2 - BHO: (no name) - {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8} - (no file)
O2 - BHO: (no name) - {FC63F231-14C0-2872-4514-264B57E8F5C1} - (no file)
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - (no file)
O2 - BHO: (no name) - {FD7AC463-E600-75AD-15E6-87072089913C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000un...mCity3TeleX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


New AVG Anti-spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:15:49 p.m. 5/02/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{05C095E7-A44C-D83C-D547-D3462410CF3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{10DB1C9B-ADDF-61CA-1C8A-E71824C7095A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{117089AA-D3C6-C679-D791-5088F7B82125} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{127B258A-8F8E-75B6-D538-4A7711988318} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1430B49C-AF69-4F6D-F513-71EADE457EFD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1D3E4E2E-E8BE-F392-C1A4-B33BB3205F18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1D626295-5E91-2B59-7E71-D5BE067A9719} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DFFBD4D-E8D2-D6F9-3733-F3C0A037E369} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25901F49-AB9D-2865-1DD3-8ECE5EAAD128} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2627C43B-FB1D-F815-04DA-3D4D787AEB82} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B2B2C0A-8F1B-89F0-6D9F-8F53718E5709} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{35E653B9-0A5B-823F-60FD-264CBA397F4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4197FF54-5C18-A7E5-9CC3-32130092E2A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4253729E-855E-60B1-1A20-AC2B1F58EDCA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{461C9660-1084-FA67-7AF6-27FEB941E6E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{492BF9B9-13D0-58BB-37CB-DF9BECE39907} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4B2B654D-C7FB-CDE0-1CA2-324D1D309375} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C928477-3A6D-F1DD-A78A-1F75F7C46F82} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4DF5116B-0DFE-9D51-AA17-CE70AC5E652D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55BE37F8-1985-13E8-CD9B-5D824C0086C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{563FEB64-2A8D-338B-F4A6-3DE456A994EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5A3D985D-E7F0-92FD-318F-8930CFEB6D7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AD1C8F8-A89B-7AC1-A165-9D86BEDAA202} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{64B4C959-F47C-E57E-A0E5-F99C903141A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6824A711-0D9B-543C-AEA6-1F3DD4847F3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A46F6C4-6BA6-BB1F-242A-77FF5088C696} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{70A958A9-264F-9AC5-C44F-6C683E36E06F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{70DB3366-1C70-3D1F-D6B9-D6D2344BD850} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7712FA8E-35A0-B2CF-ECDA-F2AEB55869AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80E8CD34-35DC-961E-EADE-11A17381D170} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B565955-F9B1-5174-46D0-3964A451F1A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A9B63F00-46F6-794A-3935-C204BC7E0785} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B5AF2512-211C-405D-363D-CE69CC13A318} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFB065A2-4F3C-61BB-4A5B-FA6D452D3EAC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2EB4CA0-38A5-FF3F-46BC-8DEB7BC0A932} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5904348-7FC2-F6B1-F15B-83F848E64D79} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE911D1A-DD83-51E5-4A5F-1BD9DDAA421D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6EF05C6-13C4-35B7-58BF-46C5B6FB102B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DF7B4507-13C3-06E8-197B-D732093994CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EAB86C94-75BA-4E15-5B61-F49CC5FF8606} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED81D60C-C426-844A-2785-263DC930B5C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED9A9904-1A77-7088-1F23-D2794EDA2131} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F18B8F19-2940-0876-54D4-FBE52283D28C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F1A4571F-46C9-C368-C70C-9911C42A8A18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F6C8BCE2-FBA5-9DB6-B6F3-EBAA27151449} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F710B350-342B-CDD4-0BB3-EFD563F6AFF2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FA5242E5-8006-01DA-9E12-778515EA0D80} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FD36A3E7-7F3E-0573-D1F7-77F173683B92} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FE94D56A-1AD9-11E0-34F7-8455FC4F3D27} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEE3991F-A9A9-FEB5-A46D-D1B381BB004A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\guninst.exe -> Adware.Serpo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.


::Report end

Thanks again!!!

William

#7
jurgenv

Download and install Registrar Lite version 2.00
  • Double click the purple Registrar Lite icon on your desktop.
  • Copy the line below and paste it into the "Address" field (located at the top) of the program:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

  • Click the "Go" button.
  • On the right-hand side it will load all of your BHOs (you'll just see a bunch of numbers)
  • Locate the following entries:
    • {05F58D31-3005-6258-9E21-F75F478C6523}
      {1022D6A6-AAF4-9850-B1C0-C2130FA14266}
      {121F909F-63E6-4149-0E42-9847B49E14A9}
      {236A52A4-0D6B-4284-F174-EB78C9872A68}
      {2B877C0A-9AA5-A75B-5F21-A1984B658EB9}
      {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF}
      {38CEDDF6-5A0C-5373-6792-145800350CE4}
      {41F82625-72B4-2D8E-C0AC-A45588323986}
      {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2}
      {4FFCD01F-8BF9-C079-27AB-2851683DB1DC}
      {5124EE7F-A8D3-8173-AEAF-0C210143DA6C}
      {59122927-ABCF-E69F-DB02-C457182969EF}
      {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7}
      {5E401E95-F815-BE2D-118F-4939794C5869}
      {646D843D-7CDF-78F8-2D9D-391E871C2089}
      {6D48F634-DFAF-1764-FBD6-1DD58A4594FD}
      {7148321E-D1B0-F759-E463-0E16B398180E}
      {7FB15402-3DBF-DFA6-E204-388D57FD127F}
      {827CDFA8-77CD-EDA5-3DCB-A73515055C0A}
      {8F9B2C39-5E98-0211-561A-AEDCBB6499FB}
      {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6}
      {A0FBF6A7-DE21-3235-7B76-A7427D953750}
      {A1D56233-FA14-4789-8762-29B592A0119B}
      {A6487937-196E-FBA8-F97C-E10CCE67B49B}
      {B4D8184A-4785-57D4-EDD1-1207CD1270E9}
      {B8460335-3BB1-0C22-657E-91A1AF013E8D}
      {BD56529E-6F6C-5962-2404-C183F261B848}
      {CBAEB624-5138-E8C4-E7EF-A6698175DD54}
      {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B}
      {CFC69D80-D884-9E2A-507A-6B067ADD8506}
      {D04B13F5-0E39-EE4E-D33A-14F3941F8539}
      {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341}
      {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C}
      {F322AB0B-621C-11A3-B1AE-7A7FC2B40350}
      {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D}
      {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8}
      {FC63F231-14C0-2872-4514-264B57E8F5C1}
      {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B}
      {FD7AC463-E600-75AD-15E6-87072089913C}
  • Right click on each one and select Properties
  • Click the Permissions Button and a new window will open.
  • Click the Advanced button
  • Place a checkmark next to the following:
    'Inherit from parent the permission entries that apply to child objects...'
  • Click OK, OK again and right-click on each of the following:
    {05F58D31-3005-6258-9E21-F75F478C6523}
    {1022D6A6-AAF4-9850-B1C0-C2130FA14266}
    {121F909F-63E6-4149-0E42-9847B49E14A9}
    {236A52A4-0D6B-4284-F174-EB78C9872A68}
    {2B877C0A-9AA5-A75B-5F21-A1984B658EB9}
    {2FD4FE3D-AD31-FA5F-7B47-D9B319C208BF}
    {38CEDDF6-5A0C-5373-6792-145800350CE4}
    {41F82625-72B4-2D8E-C0AC-A45588323986}
    {47E4BE0B-D3F1-77C3-122A-D058B1F24EE2}
    {4FFCD01F-8BF9-C079-27AB-2851683DB1DC}
    {5124EE7F-A8D3-8173-AEAF-0C210143DA6C}
    {59122927-ABCF-E69F-DB02-C457182969EF}
    {5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7}
    {5E401E95-F815-BE2D-118F-4939794C5869}
    {646D843D-7CDF-78F8-2D9D-391E871C2089}
    {6D48F634-DFAF-1764-FBD6-1DD58A4594FD}
    {7148321E-D1B0-F759-E463-0E16B398180E}
    {7FB15402-3DBF-DFA6-E204-388D57FD127F}
    {827CDFA8-77CD-EDA5-3DCB-A73515055C0A}
    {8F9B2C39-5E98-0211-561A-AEDCBB6499FB}
    {9ABAC8C7-E876-CD80-A550-9CDE115DE2F6}
    {A0FBF6A7-DE21-3235-7B76-A7427D953750}
    {A1D56233-FA14-4789-8762-29B592A0119B}
    {A6487937-196E-FBA8-F97C-E10CCE67B49B}
    {B4D8184A-4785-57D4-EDD1-1207CD1270E9}
    {B8460335-3BB1-0C22-657E-91A1AF013E8D}
    {BD56529E-6F6C-5962-2404-C183F261B848}
    {CBAEB624-5138-E8C4-E7EF-A6698175DD54}
    {CC8F52DA-21F1-1A00-1DF7-6E14B89A961B}
    {CFC69D80-D884-9E2A-507A-6B067ADD8506}
    {D04B13F5-0E39-EE4E-D33A-14F3941F8539}
    {D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341}
    {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C}
    {F322AB0B-621C-11A3-B1AE-7A7FC2B40350}
    {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D}
    {F8DF7926-05DA-3C69-A9DA-2FF6B1F4CDF8}
    {FC63F231-14C0-2872-4514-264B57E8F5C1}
    {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B}
    {FD7AC463-E600-75AD-15E6-87072089913C}
  • Choose delete.
  • Exit Registrar Lite.
Restart your computer and post a new HiJackThis log.

#8
Mr WilliamR

Hi there, computer is already running HEAPS quicker and smoother.

Thanks heaps.

Here is my new HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:44 a.m., on 6/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Anti-Spyware\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000un...mCity3TeleX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Thanks for all your help!!

Regards
Will

#9
jurgenv

* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, post a new hijackthis log here. :whistling:
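
A way to double-check a cleanup like the one in this thread, added here as an example and not part of any post: the script parses the O2 lines of a HijackThis log, flags BHO registrations whose target is "(no file)", and compares a before log, a removal list and an after log to show which entries were missed. The sample text is a short excerpt of lines from the logs above; the function and key names are made up for this example, and it assumes one log entry per line.

```python
import re
from dataclasses import dataclass

# A registry CLSID as HijackThis prints it: {8-4-4-4-12 hex digits}.
CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"

# HijackThis 1.99.1 section O2:  O2 - BHO: <name> - {CLSID} - <file or "(no file)">
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$"
)


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str   # normalised to upper case, braces kept
    target: str  # DLL path, or "(no file)" when the DLL is missing

    @property
    def orphaned(self) -> bool:
        # The registration exists but points at no file on disk.
        return self.target.strip().lower() == "(no file)"


def parse_bhos(log_text):
    """Return every O2 entry in a HijackThis log (assumes one entry per line)."""
    bhos = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["target"]))
    return bhos


def orphaned_clsids(log_text):
    return {b.clsid for b in parse_bhos(log_text) if b.orphaned}


def review_cleanup(before_log, removal_list, after_log):
    """Compare orphaned BHOs before and after against the CLSIDs slated for removal."""
    before = orphaned_clsids(before_log)
    after = orphaned_clsids(after_log)
    targeted = {c.upper() for c in re.findall(CLSID, removal_list)}
    return {
        "removed": sorted((before & targeted) - after),
        "missed_by_list": sorted(before - targeted),      # orphaned, never listed
        "still_present": sorted(before & after),          # survived the cleanup
        "new_since_before": sorted(after - before),       # appeared afterwards
        "listed_but_not_in_log": sorted(targeted - before),
    }


# Excerpt of lines from the first log in this thread (shortened for the example).
BEFORE_LOG = r"""
O2 - BHO: (no name) - {05F58D31-3005-6258-9E21-F75F478C6523} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7148321E-D1B0-F759-E463-0E16B398180E} - (no file)
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
O2 - BHO: (no name) - {7FB15402-3DBF-DFA6-E204-388D57FD127F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

# Matching excerpt of the removal list from post #7.
REMOVAL_LIST = """
{05F58D31-3005-6258-9E21-F75F478C6523}
{7148321E-D1B0-F759-E463-0E16B398180E}
{7FB15402-3DBF-DFA6-E204-388D57FD127F}
"""

# O2 section of the follow-up log from post #8.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E66ED98-8800-EB82-57FD-D8488261A8F1} - (no file)
"""

if __name__ == "__main__":
    for key, clsids in review_cleanup(BEFORE_LOG, REMOVAL_LIST, AFTER_LOG).items():
        print(f"{key}: {clsids}")
```
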

#10
Mr WilliamR

Cheers. Done that now.

New HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:07:20 p.m., on 6/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Anti-Spyware\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000un...mCity3TeleX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Thank you again :whistling:

Will

Edited by Mr WilliamR, 05 February 2007 - 06:08 PM.

#11
jurgenv

Looking good, how is everything working? :whistling:

#12
Mr WilliamR

I thought we must be getting to the root of all that evil! Everything's running great again. :whistling:

Again I can't stress how grateful I am to you for all your time and help.
Thanks again :blink: :help: :help:

Kind Regards

William

#13
jurgenv

You're welcome. :help:


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Geekstogo are to help you, for your sake we would rather not have repeat customers. :whistling:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are outdated.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :blink: