Trojan.Desktophijack.B and W32.Desktophijack


#1
tika8764

    New Member

  • Member
  • 2 posts
I have followed all of the steps before posting this HijackThis log & ewido log. Thanks ahead of time.

Logfile of HijackThis v1.99.1
Scan saved at 3:37:44 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\TH\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Smart Form Filler - {C259016A-1DF5-4EB9-AA62-6D00022E6A38} - C:\Program Files\Rizal\Smart Form Filler\IEToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AccountLogon] C:\Program Files\AccountLogon\AccountLogon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-th.html
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit Identities - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/101
O8 - Extra context menu item: Edit Passcards - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/102
O8 - Extra context menu item: Fill Forms - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/103
O8 - Extra context menu item: Go and Fill - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/105
O8 - Extra context menu item: Options - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/106
O8 - Extra context menu item: Save Forms - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/104
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Identities - {ECC5777A-6E88-BFCE-13CE-81F134789E71} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Edit Identities - {ECC5777A-6E88-BFCE-13CE-81F134789E71} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/101 (file missing)
O9 - Extra button: Passcards - {ECC5777A-6E88-BFCE-13CE-81F134789E72} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/102 (file missing)
O9 - Extra 'Tools' menuitem: Edit Passcards - {ECC5777A-6E88-BFCE-13CE-81F134789E72} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/102 (file missing)
O9 - Extra button: Fill Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E73} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/103 (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E73} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/103 (file missing)
O9 - Extra button: Save Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E74} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/104 (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E74} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/104 (file missing)
O9 - Extra button: Go and Fill - {ECC5777A-6E88-BFCE-13CE-81F134789E75} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/105 (file missing)
O9 - Extra 'Tools' menuitem: Go and Fill - {ECC5777A-6E88-BFCE-13CE-81F134789E75} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/105 (file missing)
O9 - Extra button: Options - {ECC5777A-6E88-BFCE-13CE-81F134789E76} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/106 (file missing)
O9 - Extra 'Tools' menuitem: Options - {ECC5777A-6E88-BFCE-13CE-81F134789E76} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/106 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-th.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-th.html (HKCU)
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120763981285
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet....net/GtekPrt.ocx
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://freetixxflick...cab/wabctrl.cab
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe





---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:36:22 PM, 7/8/2005
+ Report-Checksum: CA05E4C8

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Preview AdService -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-1177238915-1708537768-1060284298-1003\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1177238915-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1177238915-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1177238915-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\TH\Cookies\th@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Downloads\RollercoasterT2_WackyWorlds-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\08B342B6-F3F0-49E7-94FF-3A3499\EDEE202F-8626-462E-99BF-6CDE78 -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\10A3FC43-3F29-46C2-9B43-92AD16 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\149C93CE-FBAA-4255-B0A6-0C75A9 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\2CA62F93-38FE-429D-A340-6EC7B5 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\46B6DC80-A885-4A9E-9B76-D2B64E -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\4DF269EB-C223-48BB-B740-EBB1D7 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\54055BE2-92C5-43C8-B844-C2F2C2 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\5598628B-F50B-400C-8CDD-72C876 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\5A8990C1-4248-4F2F-ADCB-CE0D05 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\74B65C8A-9DB0-43F5-9572-C85608 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\A3D5A44B-9742-4203-9B87-416DCB -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\25B66ECF-3281-413F-8FB8-F05733\A88D2B6B-3A85-47FF-B2A1-D745D7 -> Adware.Gator : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\32185A10-5C6C-4E96-9793-D8F11A\E57D719C-5EBB-4198-BAAE-EB6E2C -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\4D1B1BB1-C19F-479F-991C-05CC3A\E658A368-3A68-4D3C-AE9F-A7A3F8 -> TrojanDownloader.Keenval.f : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\649F01C7-98FC-4D04-9C5F-058384\0F3CE1BD-9CDF-4EE2-BB6D-08DED3 -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\722A2621-3552-4CFB-B3A3-D76A9D\AB944567-94B7-4F29-B04D-B6F4DF -> Spyware.DynaDesk : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\C70EDF0D-A0A7-4184-AAC4-543DF9\2418ECE7-61ED-4011-95A1-DACD42 -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\C70EDF0D-A0A7-4184-AAC4-543DF9\A5EB23D3-1012-4322-A619-5D418F -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\C70EDF0D-A0A7-4184-AAC4-543DF9\B525A6D1-41A0-436B-88E6-AFC768/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\C70EDF0D-A0A7-4184-AAC4-543DF9\B87723D6-0A87-491D-96FB-D29929 -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\C9B1C426-3AA9-4BB2-A4D6-0F93F7\AD1E6883-6B9E-4A67-9B30-81385D -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\CC2DDCDB-5145-4508-8C2C-96553D\742E760A-46F1-4C7A-82CB-BF10CD/C:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\CC2DDCDB-5145-4508-8C2C-96553D\742E760A-46F1-4C7A-82CB-BF10CD/C:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\CC2DDCDB-5145-4508-8C2C-96553D\742E760A-46F1-4C7A-82CB-BF10CD/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\CC2DDCDB-5145-4508-8C2C-96553D\742E760A-46F1-4C7A-82CB-BF10CD/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\E2BB0616-1BE9-48E2-A348-3DE8B4\3B21F351-FE4C-446E-9EF3-83A7F3 -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\FD001A8C-0B50-4585-A588-946856\1897C86C-7DCF-471E-AD25-46A0C7 -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupon : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup


::Report End

#2
Hemal

    Founding Fart

  • Technician
  • 1,470 posts
You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - Default URLSearchHook is missing
O3 - Toolbar: Smart Form Filler - {C259016A-1DF5-4EB9-AA62-6D00022E6A38} - C:\Program Files\Rizal\Smart Form Filler\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Identities - {ECC5777A-6E88-BFCE-13CE-81F134789E71} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Edit Identities - {ECC5777A-6E88-BFCE-13CE-81F134789E71} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/101 (file missing)
O9 - Extra button: Passcards - {ECC5777A-6E88-BFCE-13CE-81F134789E72} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/102 (file missing)
O9 - Extra 'Tools' menuitem: Edit Passcards - {ECC5777A-6E88-BFCE-13CE-81F134789E72} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/102 (file missing)
O9 - Extra button: Fill Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E73} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/103 (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E73} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/103 (file missing)
O9 - Extra button: Save Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E74} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/104 (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {ECC5777A-6E88-BFCE-13CE-81F134789E74} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/104 (file missing)
O9 - Extra button: Go and Fill - {ECC5777A-6E88-BFCE-13CE-81F134789E75} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/105 (file missing)
O9 - Extra 'Tools' menuitem: Go and Fill - {ECC5777A-6E88-BFCE-13CE-81F134789E75} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/105 (file missing)
O9 - Extra button: Options - {ECC5777A-6E88-BFCE-13CE-81F134789E76} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/106 (file missing)
O9 - Extra 'Tools' menuitem: Options - {ECC5777A-6E88-BFCE-13CE-81F134789E76} - res://C:\PROGRA~1\Rizal\SMARTF~1\IEExt.dll/106 (file missing)
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-th.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-th.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)


Click on Fix Checked when finished and exit HijackThis.

Post back a fresh HijackThis log and we will take another look. How is your computer running? :tazz:

#3
tika8764

    New Member

  • Topic Starter
  • Member
  • 2 posts
My computer is a bit slower than usual and has various IE glitches and hiccups.
Okay, I checked and fixed. Norton AntiVirus is still displaying a virus alert for the W32.Desktophijack and I am still unable to select/change my desktop image.
Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:34 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [usqcvjq] C:\WINDOWS\System32\xsgfmpdq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Picture It! 7\Setup\PIP\Common\MSShared\WkShared\WkUFind.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AccountLogon] C:\Program Files\AccountLogon\AccountLogon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Smart Form Filler] C:\PROGRA~1\Rizal\SMARTF~1\IEWatcher.exe
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-th.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120763981285
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet....net/GtekPrt.ocx
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://freetixxflick...cab/wabctrl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
Hemal

    Founding Fart

  • Technician
  • 1,470 posts
You have a number of randomly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.
  • 0
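
The before/after comparison this thread performs by eye, as an added example that is not part of any post: it parses the O4 Run entries from excerpts of the two HijackThis logs above, checks that the entries selected for fixing are gone, and lists autostart entries that are new in the second log, flagging randomly named ones. The function names and the randomness heuristic (all-lowercase name of at least six letters with at most 15% vowels) are assumptions made for illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpts copied from the HijackThis logs in posts #1 and #3 of this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [usqcvjq] C:\WINDOWS\System32\xsgfmpdq.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""
# Two of the entries post #2 asked to have checked and fixed.
FIXED = [
    r"O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u",
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
]

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Program path: shortest prefix ending in an executable extension that is
# followed by a quote, whitespace, comma or end of line (so a folder such
# as "support.com\bin" is not mistaken for the program itself).
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat))(?=["\s,]|$)', re.I)


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str

    @property
    def image(self) -> str:
        """Path of the program the entry starts, without arguments."""
        m = EXE_RE.match(self.command)
        return m.group(1) if m else self.command.split()[0]


def parse_run_entries(log: str) -> dict:
    """Map (hive, key, value name) -> RunEntry for every O4 registry line."""
    entries = {}
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entry = RunEntry(*m.groups())
            entries[(entry.hive, entry.key, entry.name)] = entry
    return entries


def compare(before: str, after: str, fixed_lines: list) -> dict:
    """Report which fixed entries persist and which entries are new."""
    old, new = parse_run_entries(before), parse_run_entries(after)
    fixed = parse_run_entries("\n".join(fixed_lines))
    return {
        "still_present": sorted(e.name for k, e in fixed.items() if k in new),
        "removed": sorted(e.name for k, e in fixed.items() if k not in new),
        "new": sorted(e.name for k, e in new.items() if k not in old),
    }


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): lowercase letters only, >= 6 long, few vowels."""
    if not (stem.isalpha() and stem.islower() and len(stem) >= 6):
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels / len(stem) <= 0.15


def flag_new_random(before: str, after: str) -> list:
    """New Run entries whose value name or file name looks randomly generated."""
    old, new = parse_run_entries(before), parse_run_entries(after)
    flagged = []
    for key, entry in new.items():
        if key in old:
            continue
        stem = ntpath.splitext(ntpath.basename(entry.image))[0]
        if looks_random(entry.name) or looks_random(stem):
            flagged.append((entry.name, entry.image))
    return flagged


if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER, FIXED))
    print(flag_new_random(LOG_BEFORE, LOG_AFTER))
```

A flagged entry is a lead for the scans requested in post #4, not a verdict; mixed-case vendor names such as PSDrvCheck are deliberately left unflagged by the heuristic.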





