knurte
-
Posts
5 -
Joined
-
Last visited
-
Hi, It has taken over my homepage and whatever I do it always come back. It also says won.net under the IE icon in the start menu - actually it says that right below the icon wherever the icon shows up. I does not seem to be doing anything else - though I am not sure of this as the computer is abit jerky and the mouse keeps freezing, but if that is the reason I don't know.
-
Sorry it took a few days - been away. The problem still persist and I haven hardly been using IE lately juste Firefox. Anyway here is the log you asked for:
-
Hi again, I still have not been able to get rid of the problem, but rescanned just now and here are my logs. HIJACK: Logfile of HijackThis v1.99.1 Scan saved at 22:55:04, on 21.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Jason\Mine dokumenter\Intern video\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\Lin\LOKALE~1\Temp\IXP000.TMP\MsiExec.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe EWIDO ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 22:54:24, 21.01.2006 + Report-Checksum: 3FF336E0 + Scan result: :mozilla.13:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.46:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.47:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.56:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.57:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.63:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.70:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.71:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.72:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.73:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.94:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.95:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.99:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.100:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.101:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.102:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.103:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.104:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.107:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.108:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.110:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.121:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.122:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.128:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.129:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.134:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.135:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.136:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.138:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.148:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.149:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.150:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.151:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.152:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.153:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.157:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.158:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup ::Report End I really hope you will be able to help me.
-
Thanks for quick reply. I followed your instructions and am ready to post the logs. Before I do though I am wondering if I should go back to the tools menu and reset the changes I made - is that necessary? Hijack log. Logfile of HijackThis v1.99.1 Scan saved at 06:52:05, on 16.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\ewido anti-malware\ewidoctrl.exe C:\Documents and Settings\Jason\Mine dokumenter\Intern video\drweb-cureit.exe C:\DOCUME~1\Jason\LOKALE~1\Temp\RarSFX0\drw_start.exe C:\DOCUME~1\Jason\LOKALE~1\Temp\RarSFX0\drweb32w.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\Programfiler\Messenger\msmsgs.exe C:\Documents and Settings\Jason\Mine dokumenter\Intern video\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [GCS] "C:\Programfiler\GrabClipSave\GrabClipSave.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\Lin\LOKALE~1\Temp\IXP000.TMP\MsiExec.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Ewido log: ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 20:32:24, 16.01.2006 + Report-Checksum: 1F568B77 + Scan result: :mozilla.15:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.16:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.17:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.19:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.20:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.21:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.22:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.23:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.24:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.25:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.26:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.27:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.28:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.29:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.30:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.44:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.45:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.46:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.99:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.100:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.109:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.110:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.132:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.166:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.170:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.171:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.173:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.174:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.175:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.176:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.177:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.179:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.180:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.181:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.188:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.203:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.204:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.207:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.209:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.213:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.215:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.218:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.223:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.228:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.230:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.233:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.234:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.235:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.236:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.237:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.238:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.239:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.240:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.241:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.245:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.246:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.247:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.251:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.252:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.257:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.258:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.260:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.264:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.265:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.267:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.268:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.269:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup :mozilla.270:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.271:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.272:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.273:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.274:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.276:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.277:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.278:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.284:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.286:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.287:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.288:C:\Documents and Settings\Lin\Programdata\Mozilla\Firefox\Profiles\4hk4rque.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup ::Report End Active Scan Log: Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Hera\Cookies\hera@ath.belnk[1].txt Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Hera\Cookies\hera@yadro[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Lin\Cookies\lin@searchportal.information[1].txt Hope this helps. The problem is still the same. There is Won.net text under the IE icon in my start menu and it did not change after all of this. Thank you again.
-
A site called won.net seemed to have taken over my entire computer and start page. I have tried everything in my not-so-computer-savy power but nothing finds it. I have scanned with TrendMicro, Panda activescan, Spybot, Adaware, Spyware doctor, registry fix and norton, but everything comes up clean. I am praying that someone here can help me and that I haven't deleted anything essential in my frenzy to fix. This is my Hijack log. Logfile of HijackThis v1.99.1 Scan saved at 22:38:01, on 15.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Spyware Doctor\sdhelp.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\Jason\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [GCS] "C:\Programfiler\GrabClipSave\GrabClipSave.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\Lin\LOKALE~1\Temp\IXP000.TMP\MsiExec.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thank you in advance.