help needed: suspected keylogger


angela_2107
12-05-2004, 11:57 AM
Hi, I have today noticed that most of my internet accounts have been accessed at times I could not have done this. I have posted a HijackThis log below; can someone please tell me if this is the case and the name of the programme(s) being used? Just a bit concerned, as quite a few people can use my PC and my bank and work stuff is all done via the internet! Thanks in advance; I am a PC novice so please go easy on me!
I have run Search & Destroy and Ad-Aware and deleted all my internet history. Also, could you tell me how to make my PC inaccessible for anyone else to download stuff onto except me, just so they can use it for general internet browsing etc.

Logfile of HijackThis v1.98.2
Scan saved at 10:40:05, on 12/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\TBC.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\winloggs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\PAL\KLP\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINNT\System32\PAL\KLP\ieguard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\System32\CustIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows debug logging] winloggs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\RunServices: [Windows debug logging] winloggs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows debug logging] winloggs.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e086...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1096923745233
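
A quick way to triage a log like the one above is to script the checks a helper applies by eye. The following is an added example, not code from the thread or from HijackThis: it parses an excerpt of the first log (copied from the post, with the rest of the log left out) and flags O4 autoruns that are loaded by bare filename rather than full path, that sit in the root of C:, that reuse a Windows binary name outside the Windows directory, or that register the same image under several Run keys, plus an R1 browser proxy pointing at localhost and any O15 wildcard Trusted Zone entry. The reason labels, the OS_BINARIES/OS_DIRS lists and the heuristics themselves are my own choices, not anything HijackThis does.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed excerpt of the first HijackThis log in the thread. Lines are
# copied from the post (one word-wrap artefact fixed); the benign bulk of
# the log is omitted to keep the sample short.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows debug logging] winloggs.exe
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\RunServices: [Windows debug logging] winloggs.exe
O4 - HKCU\..\Run: [Windows debug logging] winloggs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.windupdates.com
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$')
R1_PROXY_RE = re.compile(r'^R1 - .*ProxyServer = (.*)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (.*)$')

# Assumption (mine): these names belong only in the Windows directory tree.
OS_BINARIES = {'svchost.exe', 'explorer.exe', 'winlogon.exe', 'lsass.exe',
               'services.exe', 'csrss.exe', 'smss.exe'}
OS_DIRS = {r'c:\winnt', r'c:\winnt\system32', r'c:\windows', r'c:\windows\system32'}


def image_path(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(' ')[0]


def triage(log: str) -> Dict[str, List[str]]:
    """Return {log line: [reason, ...]} for every line that trips a heuristic."""
    findings: Dict[str, List[str]] = defaultdict(list)
    by_image: Dict[str, List[str]] = defaultdict(list)   # image path -> lines

    for line in log.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            _hive, key, _name, cmd = m.groups()
            image = image_path(cmd).lower()
            folder, _, base = image.rpartition('\\')
            by_image[image].append(line)
            if not folder:
                # No directory: Windows searches PATH for it. Vendors write full paths.
                findings[line].append('bare-filename-resolved-via-PATH')
            elif re.fullmatch(r'[a-z]:', folder):
                findings[line].append('executable-in-drive-root')
            if base in OS_BINARIES and folder not in OS_DIRS:
                findings[line].append('os-binary-name-outside-windows-dir')
            if key == 'RunServices':
                # Only Windows 9x/ME process this key; on XP it is dead weight a
                # dropper writes for cross-version persistence.
                findings[line].append('RunServices-key-win9x-only')
            continue
        m = R1_PROXY_RE.match(line)
        if m and '127.0.0.1' in m.group(1):
            findings[line].append('browser-proxied-through-localhost')
            continue
        m = O15_RE.match(line)
        if m:
            findings[line].append('wildcard-trusted-zone-entry')

    # The same image under several value names or hives is a persistence tell.
    for image, lines in by_image.items():
        if len(lines) > 1:
            for line in lines:
                findings[line].append(f'same-image-registered-{len(lines)}x')
    return dict(findings)


def summary(log: str) -> Dict[str, List[str]]:
    """Condense triage() output to {short label: sorted unique reasons}."""
    out: Dict[str, List[str]] = {}
    for line, reasons in triage(log).items():
        m = O4_RE.match(line)
        label = f'{m.group(1)}\\{m.group(2)}:{m.group(3)}' if m else line.split(' - ', 1)[1]
        out[label] = sorted(set(reasons))
    return out


if __name__ == '__main__':
    for label, reasons in summary(HJT_LOG).items():
        print(f'{label:60} {", ".join(reasons)}')
```

Run as a script it prints one line per flagged entry. What the heuristics do not flag matters as much: keyhook.exe, the AVG entry and Messenger pass, while winloggs.exe, C:\TBC.exe, SYSCFG16.EXE, the explorer.exe under PAL\KLP, the localhost SOCKS proxy and the Trusted Zone wildcards do not. A hit is a reason to look closer, not proof of malware.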

classicsoftware
12-05-2004, 12:34 PM
Welcome to the forums

Do you have an Acer computer? keyhook.exe can be a valid Acer program. If you do not have an Acer computer, you will need to eliminate that.

Do you have broadband or dial-up? Depending on the software you have, anti-virus, spyware, financial and other programs set themselves up to access the web for update purposes. This may or may not be the case.

Your system is woefully out of date. When we are done cleaning, you will need to run Windows Update. NOT NOW, when we are finished.

First download and install Ad-Aware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5)

Instructions for scanning:
1. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
2. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
3. Once the definitions have been updated:
4. Reconfigure Ad-Aware for Full Scan as per the following instructions:
* Launch the program, and click on the Gear at the top of the start screen.
* Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
o "Automatically save logfile"
o "Automatically quarantine objects prior to removal"
o Safe Mode (always request confirmation)
o "Prompt to update outdated definitions" - Change to 7 days.
* Click the "Scanning" button (On the left side).
* Under Drives & Folders, select "Scan within Archives"
* Click "Click here to select Drives + folders" and select your installed hard drives.
* Under Memory & Registry, select all options.
* Click the "Advanced" button (On the left hand side).
* Under "Shell Integration", select "Move deleted files to Recycle Bin".
* Under "Log-file detail", select all options.
* Click on the "Defaults" button on the left.
* Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
* Click the "Tweak" button (Again, on the left hand side).
* Expand "Scanning Engine" by clicking on the "+" (plus) symbol and select the following:
o "Unload recognized processes during scanning."
o "Obtain command line of scanned processes"
o "Scan registry for all users instead of current user only"
* Under "Cleaning Engine", select the following:
o "Let Windows remove files in use at next reboot."
o "Delete quarantined objects after restoring"
* Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
* Click on "Proceed" to save these Preferences.
* Click on the "Scan Now" button on the left.
* Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
5. Close all programs except ad-aware.
6. Click on "Next" in the bottom right corner to start the scan.
7. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
8. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
Re-post your HijackThis log.

angela_2107
12-05-2004, 01:08 PM
Here's the new file. Yeah, I run on broadband; I am just updating Windows now! Thanks for all the help btw! Much needed! Does this look any better?


Logfile of HijackThis v1.98.2
Scan saved at 17:10:38, on 12/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\winloggs.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\TBC.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\PAL\KLP\svchost.exe
C:\WINNT\system32\fxssvc.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINNT\System32\PAL\KLP\ieguard.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\System32\CustIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows debug logging] winloggs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\RunServices: [Windows debug logging] winloggs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows debug logging] winloggs.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e0863aa3b8b018917/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233

classicsoftware
12-05-2004, 01:15 PM
I told you NOT to update Windows until this is fixed. If you install Service Pack 2 on a computer with known spyware you can crash the OS totally.
What I said was: Your system is woefully out of date. When we are done cleaning, you will need to run Windows Update. NOT NOW, when we are finished.

In order to help, you need to follow instructions:

Before proceeding any further, please answer the following questions:

1) Did Adaware report any critical objects, how many, what were they, did you fix them?

2) Do you have an acer computer?

angela_2107
12-05-2004, 01:28 PM
Sorry!
No, I don't have an Acer PC.
Ad-Aware found 22 critical objects in files and folders, mainly spyware. It did seem to fix them; I ran it a 2nd time and it found 0.

classicsoftware
12-05-2004, 01:43 PM
What I would like you to do next is download CWShredder

here (http://www.subratam.org/?page=removal)
Install the program
update it and run it.
Report the results.

All windows and programs must be closed for this to work.

You cannot be online for this to work. Internet Explorer must be closed, as must all programs and windows. NO EXCEPTIONS.

angela_2107
12-05-2004, 01:49 PM
Did as you said; this is what we get!



**** Run Keys ****

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
RUN: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
RUN: [LoadQM] loadqm.exe
RUN: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RUN: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
RUN: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
RUN: [Windows debug logging] winloggs.exe
RUN: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
RUN: [msnmsg] C:\TBC.exe
RUN: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [Windows debug logging] winloggs.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [IEWebGuard Class] C:\WINNT\System32\PAL\KLP\ieguard.dll
BHO: [IEWebGuard Class] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [BHO Class] C:\WINNT\System32\CustIE32.dll


**** IE Toolbars ****

TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll


**** IE Extensions ****

IEExt: [Messenger] C:\Program Files\Messenger\MSMSGS.EXE


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 www.allforadult.com
HOSTS: 127.0.0.1 allforadult.com
HOSTS: 127.0.0.1 www.vesbiz.biz
HOSTS: 127.0.0.1 vesbiz.biz
HOSTS: 127.0.0.1 www.aaasexypics.com
HOSTS: 127.0.0.1 aaasexypics.com
HOSTS: 127.0.0.1 www.virgin-tgp.net
HOSTS: 127.0.0.1 virgin-tgp.net
HOSTS: 127.0.0.1 www.5sec.biz
HOSTS: 127.0.0.1 5sec.biz
HOSTS: 127.0.0.1 www.avp.com
HOSTS: 127.0.0.1 www.viruslist.com
HOSTS: 127.0.0.1 viruslist.com
HOSTS: 127.0.0.1 networkassociates.com
HOSTS: 127.0.0.1 secure.nai.com
HOSTS: 127.0.0.1 downloads1.kaspersky-labs.com
HOSTS: 127.0.0.1 downloads2.kaspersky-labs.com
HOSTS: 127.0.0.1 downloads3.kaspersky-labs.com
HOSTS: 127.0.0.1 downloads4.kaspersky-labs.com
HOSTS: 127.0.0.1 downloads-us1.kaspersky-labs.com
HOSTS: 127.0.0.1 downloads-eu1.kaspersky-labs.com
HOSTS: 127.0.0.1 kaspersky-labs.com
HOSTS: 127.0.0.1 www.networkassociates.com
HOSTS: 127.0.0.1 us.mcafee.com
HOSTS: 127.0.0.1 f-secure.com
HOSTS: 127.0.0.1 avp.com
HOSTS: 127.0.0.1 www.sophos.com
HOSTS: 127.0.0.1 sophos.com
HOSTS: 127.0.0.1 www.ca.com
HOSTS: 127.0.0.1 ca.com
HOSTS: 127.0.0.1 mast.mcafee.com
HOSTS: 127.0.0.1 my-etrust.com
HOSTS: 127.0.0.1 www.kaspersky.com
HOSTS: 127.0.0.1 www.f-secure.com
HOSTS: 127.0.0.1 dispatch.mcafee.com
HOSTS: 127.0.0.1 nai.com
HOSTS: 127.0.0.1 www.nai.com
HOSTS: 127.0.0.1 rads.mcafee.com
HOSTS: 127.0.0.1 trendmicro.com
HOSTS: 127.0.0.1 liveupdate.symantecliveupdate.com
HOSTS: 127.0.0.1 www.mcafee.com
HOSTS: 127.0.0.1 mcafee.com
HOSTS: 127.0.0.1 viruslist.com
HOSTS: 127.0.0.1 www.my-etrust.com
HOSTS: 127.0.0.1 download.mcafee.com
HOSTS: 127.0.0.1 kaspersky.com
HOSTS: 127.0.0.1 www.trendmicro.com
HOSTS: 127.0.0.1 www.trendmicro.com


**** IE Settings ****

IEBypass: <local>
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINNT\System32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
IEContext: [Backward Links] res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
IEContext: [Similar Pages] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
IEContext: [Translate into English] res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A0AE98FC-BA20-4B0D-8F87-C919DC48A389}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A0AE98FC-BA20-4B0D-8F87-C919DC48A389}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9464A5A-07D4-4F7C-8E3D-D40709395F56}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9464A5A-07D4-4F7C-8E3D-D40709395F56}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5B7BE4B-BC0C-4EF0-B9BF-0D5BBD1BEA65}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5B7BE4B-BC0C-4EF0-B9BF-0D5BBD1BEA65}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F9D1-4570-4E5A-97AA-6576CDBD00A8}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F9D1-4570-4E5A-97AA-6576CDBD00A8}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB85E63B-6AB4-459A-8188-2BCEA46DA49D}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB85E63B-6AB4-459A-8188-2BCEA46DA49D}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com/qtactivex/qtplugin.cab]
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233] C:\WINNT\System32\wuweb.dll
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.google.com/ie
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
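
The Hosts File Entries section of the report above maps the update and download hosts of most major anti-virus vendors to 127.0.0.1, so on this machine those names never reach the real servers and signature updates from those products silently fail. The script below is an added example (mine, not from the thread or from CWShredder): it classifies every loopback entry in a CWShredder dump or a raw hosts file as a known security-vendor domain, some other hijacked name, or a duplicate, and rebuilds a minimal hosts file. The SECURITY_VENDORS list and the two-label registered_domain() shortcut are my assumptions; the sample report is a short excerpt copied from the post, not the full list.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the CWShredder "Hosts File Entries" section above
# (a few lines copied from the post; the real list is much longer).
HOSTS_REPORT = """\
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 www.allforadult.com
HOSTS: 127.0.0.1 allforadult.com
HOSTS: 127.0.0.1 www.avp.com
HOSTS: 127.0.0.1 downloads1.kaspersky-labs.com
HOSTS: 127.0.0.1 secure.nai.com
HOSTS: 127.0.0.1 liveupdate.symantecliveupdate.com
HOSTS: 127.0.0.1 us.mcafee.com
HOSTS: 127.0.0.1 www.trendmicro.com
HOSTS: 127.0.0.1 www.trendmicro.com
"""

# Registered domains of security vendors. Assumption: this list is mine,
# built from the names in the report; extend it for your own environment.
SECURITY_VENDORS = {
    'avp.com', 'kaspersky.com', 'kaspersky-labs.com', 'viruslist.com',
    'mcafee.com', 'nai.com', 'networkassociates.com', 'symantecliveupdate.com',
    'sophos.com', 'f-secure.com', 'trendmicro.com', 'ca.com', 'my-etrust.com',
}
LOOPBACK = {'127.0.0.1', '0.0.0.0', '::1'}
# Accepts both the "HOSTS: addr name" report format and a raw hosts file line.
HOSTS_LINE = re.compile(r'^(?:HOSTS:\s+)?(\S+)\s+(\S+)')


def registered_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels (adequate for the .com/.net/.biz names here)."""
    labels = host.lower().rstrip('.').split('.')
    return '.'.join(labels[-2:])


def analyze_hosts(report: str) -> Dict[str, List[str]]:
    """Classify every loopback-mapped name; 'localhost' itself is ignored."""
    seen = set()
    out: Dict[str, List[str]] = {'blocked_security_vendors': [], 'other_hijacked': [], 'duplicates': []}
    for line in report.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if not m:
            continue
        addr, host = m.group(1), m.group(2).lower()
        if host == 'localhost' or addr not in LOOPBACK:
            continue                      # only sinkholed names interest us here
        if host in seen:
            out['duplicates'].append(host)
            continue
        seen.add(host)
        bucket = 'blocked_security_vendors' if registered_domain(host) in SECURITY_VENDORS else 'other_hijacked'
        out[bucket].append(host)
    return out


def clean_hosts(report: str, keep: Tuple[str, ...] = ()) -> str:
    """Rebuild a minimal hosts file: localhost plus any names you deliberately keep sinkholed."""
    lines = ['127.0.0.1 localhost']
    for line in report.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and m.group(2).lower() in keep:
            lines.append(f'{m.group(1)} {m.group(2)}')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    for bucket, names in analyze_hosts(HOSTS_REPORT).items():
        print(f'{bucket}: {len(names)}')
        for name in names:
            print('   ', name)
    print(clean_hosts(HOSTS_REPORT), end='')
```

On this Windows XP machine the live file is C:\WINNT\system32\drivers\etc\hosts (%SystemRoot%\system32\drivers\etc\hosts). After writing the rebuilt file back, the Ad-Aware option "Write-protect system files after repair (Hosts file, etc)" quoted earlier in this thread sets it read-only, which blocks a casual rewrite by the next dropper; it is not a guarantee against code running as Administrator.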

classicsoftware
12-05-2004, 01:55 PM
What did you click to get this?

classicsoftware
12-05-2004, 01:59 PM
My mistake, I was not clear.

Close all open windows.

Open CWShredder.

Click Update. After the program updates, run it again.

Click Fix

Post the results

angela_2107
12-05-2004, 02:09 PM
Sorry. There is a reporting feature within the programme you said to install; that is what is above. Below is my HijackThis log. Is this what you need? Sorry, like I said I am a complete novice and all this is a little above me, I am afraid.


Logfile of HijackThis v1.98.2
Scan saved at 18:08:03, on 12/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\TBC.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\PAL\KLP\svchost.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\System32\CustIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233
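
Whether a clean-up "looks any better" is easier to answer by diffing the logs than by reading both. The script below is an added example (mine, not from the thread or from HijackThis). It compares trimmed excerpts of the first and third logs above (copied from the posts, not the full logs), reports which R1/O2/O4/O15 entries were removed, which persist and which are new, and then checks the running-process list against what the log still references, because an image that is still running with no autorun left in the log is being started by something the log does not show. WATCH_SECTIONS and the excerpts are my choices.

```python
from typing import Dict, List, Set

# Constructed excerpts of the first and third HijackThis logs in the thread.
# Only the lines relevant to the comparison are copied; these are not the full logs.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:1080
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINNT\System32\PAL\KLP\ieguard.dll
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\System32\CustIE32.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows debug logging] winloggs.exe
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\RunServices: [Windows debug logging] winloggs.exe
O4 - HKCU\..\Run: [Windows debug logging] winloggs.exe
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.windupdates.com
"""

AFTER = r"""
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINNT\System32\CustIE32.dll
O4 - HKLM\..\Run: [msnmsg] C:\TBC.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
"""

# Three images from the "Running processes" section of the third log.
AFTER_PROCESSES = [r'C:\WINNT\System32\PAL\KLP\svchost.exe', r'C:\WINNT\SYSCFG16.EXE', r'C:\TBC.exe']

# Assumption (mine): the sections worth diffing for persistence and browser hijacks.
WATCH_SECTIONS = {'R0', 'R1', 'O2', 'O3', 'O4', 'O15', 'O16'}


def entries(log: str) -> Set[str]:
    """Collect the HijackThis lines in the watched sections, whitespace-trimmed."""
    out: Set[str] = set()
    for raw in log.splitlines():
        line = raw.strip()
        if line.split(' ', 1)[0] in WATCH_SECTIONS:
            out.add(line)
    return out


def compare(before: str, after: str) -> Dict[str, Set[str]]:
    """Diff two logs: what the clean-up removed, what it left, what appeared."""
    b, a = entries(before), entries(after)
    return {'removed': b - a, 'persisting': b & a, 'new': a - b}


def orphaned_processes(after_log: str, running: List[str]) -> List[str]:
    """Running images that nothing left in the log references.

    Either a launcher the log does not show (a service, a scheduled task, another
    process) started them, or they were running before their autorun was deleted
    and the machine has not been rebooted since. Both deserve a closer look.
    """
    text = after_log.lower()
    return [p for p in running if p.lower() not in text]


def report(before: str, after: str, running: List[str]) -> str:
    """Human-readable summary of compare() and orphaned_processes()."""
    diff = compare(before, after)
    lines = []
    for bucket in ('removed', 'persisting', 'new'):
        lines.append(f'== {bucket} ({len(diff[bucket])}) ==')
        lines.extend(sorted(diff[bucket]))
    lines.append('== running but no longer referenced in the log ==')
    lines.extend(orphaned_processes(after, running))
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(BEFORE, AFTER, AFTER_PROCESSES))
```

Against these excerpts the proxy, the PAL\KLP browser helper, the winloggs.exe triplet and the Trusted Zone entries are gone, but SYSCFG16.EXE (under two names), C:\TBC.exe and the CustIE32.dll helper survive Ad-Aware and CWShredder, and PAL\KLP\svchost.exe is still running although no autorun for the PAL\KLP folder remains. Those are the items to chase before calling the machine clean.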

classicsoftware
12-05-2004, 02:13 PM
Did you click on Fix for the CWShredder program?

Are you running version 2.0?

Please answer these questions.

Did you get my private message?

Donn
12-05-2004, 03:13 PM
Angela, until Classicsoftware can advise you on how to secure your system from within--check with him on everything--one of the easiest ways to secure your system is to simply remove the power cord AFTER you shut down, and take it with you or store it some place secure--a locked desk drawer maybe. Also, AFTER you shut down and AFTER you remove the power cord, take the mouse off and put it with the power cord.

If someone is dedicated, though, of course they can bring their own power cord and mouse, but this should suffice for a few days. When you put them back, put the mouse connection in the back first, then the power cord, then turn it on. Do it in that order please. Taking the mouse or keyboard off or putting them in while there is power on, or even when it is plugged in but turned off, can be damaging.

edit: Also, put a little bath powder or chalk dust on the chair at the PC, just enough so you can see it and remember it, then put a piece of paper on it--note paper or something like that. If you come back and the paper is moved or the powder is disturbed, that may tell you something.

pop pop
12-05-2004, 08:06 PM
Huh????????????????

Is this the PCGuide or did I slip through a tear in the time-space continue..um? :confused:

classicsoftware
12-05-2004, 10:00 PM
Huh????????????????

Is this the PCGuide or did I slip through a tear in the time-space continue..um? :confused:

Angela implied others may be using her PC without her permission when she is not there. He gave her an old-fashioned way to determine if someone has been near the PC.