coolwebsearch won't go away.

 
 
Aaron Stephens
Guest
Posts: n/a
 
      17th Sep 2004
Here is my hijackthis log file. I have no clue what I
need to do. I've run adaware and removed the same files
several times in the last 5-6 hours. Spybot closes as
soon as it opens and I'm not sure what to do with this.




Logfile of HijackThis v1.98.2
Scan saved at 6:37:53 AM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netlk32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\Active Setup Log.txt:xljwr
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - C:\WINDOWS\system32\sdksp32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [netlk32.exe] C:\WINDOWS\system32\netlk32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [xljwr] C:\WINDOWS\Active Setup Log.txt:xljwr
O4 - HKLM\..\RunOnce: [kewjx] C:\WINDOWS\winnt.bmp:kewjx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - Startup: hp psc 1000 series.lnk = ?
O4 - Startup: hpoddt01.exe.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {11111111-1111-1111-1111-112226880975} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-112599009668} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-113778133518} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {11111111-1111-1111-1111-113911964936} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115025177056} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...ent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...LControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/304d6c54739e431...zip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...mer/V5Controls/en/x86/client/wuweb_site.cab?1093371329031
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...upons.com/v3123/cpbrkpie.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/mini...lers/AWS/minibuginstaller.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S...ent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{817C7DBC-7FDC-4752-957B-4B755B96D709}: NameServer = 141.165.1.10,141.165.1.9


 
 
 
 
 
jopa66
Guest
Posts: n/a
 
      17th Sep 2004
"Aaron Stephens" <(E-Mail Removed)> wrote in message
news:21d101c49ca2$ee7ab270$(E-Mail Removed)...
> Here is my hijackthis log file. I have no clue what I
> need to do. I've run adaware and removed the same files
> several times in the last 5-6 hours. Spybot closes as
> soon as it opens and I'm not sure what to do with this.
>
>


Hi Aaron,
This is probably the wrong forum to post your Hijackthis log. But the
enclosed information should help you clean up the mess. You'll need a couple
of tools, CWShredder and CWS.SmartKiller Removal Utility. There are a number
of forums that specialize in this sort of cleanup. I've mentioned a couple
of them below.

--
~john aka: jopa

WARNING: If your PC is already infested with spyware/adware, resist the
temptation to impulse buying of anti-spyware products that you see on the
Net or receive as e-mail Spam. Vendors of "rogue/suspect" anti-spyware
products advertise heavily via Google's "AdWords" ("Sponsored Links" on
Google's own search pages) and "AdSense" (Google-driven advertising
delivered to third-party web sites), otherwise known as "Sponsored Links."
And many are known to create problems on your machine just to try and sell
you the way to "fix" it. There are a variety of anti-spyware products and
web sites -- some reliable and trustworthy, some not.

Instead, you can get help online from a corps of savvy volunteers who
specialize in busting spyware.

First:
I suggest you start by going here:
http://forums.spywareinfo.com/index.php
OR
http://www.spywarewarrior.com/

The folks at these forums have a lot of experience in dealing with
Hijackers/Spyware/Malware. There is no charge for the help and information
available although donations are accepted. Be sure to read the guidelines,
and following their instructions you will download a little program called
HijackThis. Its purpose is simply to scan your computer and generate a log
of everything that is running at that moment. It does not decide what is
Good or Bad. That's what the experts at the forums will do. So *DO NOT* just
arbitrarily start deleting what it finds.

Next:
Set up a user account and post your LOG there, not here. Someone will
analyze it and let you know if anything is amuck and what you can do to fix
it. In the event the site is down -- DDOS attack, whatever, go here for a
list of other Security Analysis sites and/or forums: http://a-sap.org/

Check your browser settings here:
http://www.jasons-toolbox.com/BrowserSecurity/
A series of "tests" (and suggested fixes) to help tweak IE's settings to
help prevent infections when surfing the web.


***Always follow safe Internet practices:***

1. Keep your virus definitions up to date, and scan your system regularly.

2. Keep your anti-spyware up to date, and scan your system regularly.

3. Don't open email, or download attachments from unrecognized email
addresses.

4. Be careful when downloading email attachments, EVEN FROM PEOPLE YOU KNOW!
Many viruses, worms, and trojans infect a person's system then immediately
spread themselves to the people in the infected person's address book via
email attachments.

5. Be careful downloading files from the Internet. Scan all downloaded files
with a reliable UP-TO-DATE antivirus program. Scan "zip" files BEFORE
unzipping, and scan all unzipped files BEFORE USING THEM.

6. Keep your Windows and IE current with all the latest patches and updates.

7. USE A FIREWALL.


Scumware Removal & Protection Tools:

BEWARE of Rogue/Suspect Anti-Spyware Products & Web Sites
One surprising and depressing aspect of the anti-spyware scene is the sheer
number of applications that are mere rip-offs of Spybot Search & Destroy or
Ad-Aware (two of the most recognized and trusted anti-spyware apps on the
Net). Proof of this can be found here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.spywarewarrior.com/family_resemblances.htm
but, the following list contains a number of (mostly) FREE programs that can
be used to eliminate immediate threats as well as secure your system.


CWShredder (FREE)
Removes all variations of the spyware/hijacker "CoolWebSearch".
This is the first line of defense whenever you suspect possible parasite
infestation. Some current variations of CoolWebSearch block Ad-Aware and
Spybot from catching everything.
http://aumha.org/downloads/cwshredder.zip
http://majorgeeks.com/download4086.html

There is a new, really ugly variant of CoolWebSearch. Infected machines will
close every browser window visiting many anti-spyware sites. Possibly
anti-virus sites or even Windows Update. It will even close Spybot S&D and
some other anti-spyware applications when you try to use them. To eliminate
this threat, use CWS.SmartKiller Removal Utility:
http://www.safer-networking.org/minifiles.html
http://majorgeeks.com/download4113.html

Spybot (FREE)
Removes hijackers, spyware, adware, usage tracks and more. Resident
"TeaTimer" feature monitors crucial processes on your machine. It
immediately detects known malicious processes wanting to start and
terminates them. In addition, TeaTimer detects, when something wants to
change some critical registry keys. It can protect you against such changes
giving you an option to "Allow" or "Deny" the change.
http://www.safer-networking.org/en/index.html
http://majorgeeks.com/download2471.html

Ad-Aware (FREE) & Pro
Protects against Data-mining, Ad-Ware, Parasites, Scumware, selected
Trojans, Dialers, Malware, Browser hijackers, and tracking components.
http://www.lavasoftusa.com/software/adaware/
http://majorgeeks.com/download506.html

HijackThis (FREE)
As mentioned above -- USE WITH CAUTION -- Just scan your machine, then save
& post the log to: Spywareinfo
http://majorgeeks.com/download3155.html
Tutorial and download:
http://www.tomcoyote.org/hjt/

SpywareBlaster 3.2 (FREE)
Prevent spyware from installing in the first place! Prevent the installation
of ActiveX-based spyware, adware, browser hijackers, dialers, and other
potentially unwanted pests. Block spyware/tracking cookies in Internet
Explorer and Mozilla/Firefox
http://www.javacoolsoftware.com/spywareblaster.html
http://majorgeeks.com/download2859.html


If you need a good (FREE) antivirus:

AVG
http://free.grisoft.com/freeweb.php

AVAST
http://www.avast.com/eng/avast_4_home.html


Online Virus Scanner:

Trendmicro
http://housecall.trendmicro.com/

Panda
http://www.pandasoftware.com/activescan/


This may sound like a lot of work and it is. But, if you follow this
outline, you'll learn a whole lot in the process and have a much more secure
computer.
--
~john aka: jopa
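
What a helper reading a log like the one in this thread looks for, as an added example (not part of any post here and not HijackThis's own logic): a Python script that re-joins hard-wrapped log lines and lists entries that deserve a human look, without deleting anything. The review rules and the function names `unwrap` and `triage` are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: entries copied from the log posted in this thread,
# hard-wrapped the way a newsreader wraps long lines.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Active Setup Log.txt:xljwr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-
B4EF1D3FBA8B} - C:\WINDOWS\system32\sdksp32.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\RunOnce: [kewjx] C:\WINDOWS\winnt.bmp:kewjx
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {11111111-1111-1111-1111-112226880975} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
"""

# "R1 - ...", "O4 - ...": a section code starts every registry/file entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# In the process list every entry starts with a drive letter.
PROC_RE = re.compile(r"^[A-Za-z]:\\")
# A file path followed by ":name" is an NTFS alternate data stream.
ADS_RE = re.compile(r'[A-Za-z]:\\[^:"]+:[^\\/:"\s]+')


def unwrap(text):
    """Re-join wrapped lines; return a list of (section, body) tuples."""
    entries = []
    in_procs = False
    seen_code = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            seen_code = True
            entries.append([m.group(1), m.group(2)])
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and not seen_code and PROC_RE.match(line):
            entries.append(["PROC", line])
        elif entries:
            # Continuation of the previous entry. Best effort: no space when
            # the break fell inside a GUID ("...70B6-") or before a backslash.
            prev = entries[-1][1]
            glue = "" if re.search(r"\S-$", prev) or line.startswith("\\") else " "
            entries[-1][1] = prev + glue + line
    return [tuple(e) for e in entries]


def triage(text):
    """Return (section, reason, body) for entries worth asking an analyst about."""
    findings = []
    for section, body in unwrap(text):
        low = body.lower()
        if section in ("R0", "R1") and "res://" in low:
            reason = "IE search/start setting loads a page from inside a local file"
        elif section in ("PROC", "O4") and ADS_RE.search(body):
            reason = "program runs from an NTFS alternate data stream"
        elif section == "O2" and body.startswith("BHO: (no name)"):
            reason = "unnamed Browser Helper Object"
        elif section == "O15":
            reason = "site added to the IE Trusted Zone"
        elif section == "O16" and "mhtml:" in low:
            reason = "ActiveX download recorded with an mhtml: source"
        else:
            continue
        findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```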




 
 
 
 
 
Guest
Posts: n/a
 
      17th Sep 2004
My apologies. Thanks for all the help.



 
 
jopa66
Guest
Posts: n/a
 
      17th Sep 2004
Not a problem. Hope you get it cleaned up.

--
~john aka: jopa





 
 
oops!!
Guest
Posts: n/a
 
      17th Sep 2004

You can use this online HJT log analyser:

http://www.hijackthis.de/index.php?langselect=english

Zee


<(E-Mail Removed)> wrote in message news:2f6501c49ca5$99ab1700$(E-Mail Removed)...
> My appologies. Thanks for all the help.

 
 
Jan Il
Guest
Posts: n/a
 
      17th Sep 2004
Hi Aaron :-)

> Here is my hijackthis log file. I have no clue what I
> need to do. I've run adaware and removed the same files
> several times in the last 5-6 hours. Spybot closes as
> soon as it opens and I'm not sure what to do with this.


You can post your HJT log to these sites for their experts to evaluate and
make the necessary recommendations for properly cleaning your system. :-)

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-b...ST;f=27;t=6949

or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx

You will need to register to open a new thread to post your log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a day's time for a response, depending on when you post the log.

Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer.

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.


Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit of other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm



 