I have a process runnin Duce6.exe an keep gettin a million popups ...Heres my Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 6:19:13 PM, on 8/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\thiselt.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe
C:\WINDOWS\sys01461177275.exe
C:\Program Files\Opera\opera.exe
C:\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys01461177275] C:\WINDOWS\sys01461177275.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Help Me Please...
Full Version: Duce6.exe and a million popups
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
QUOTE(kleptoned @ Aug 30 2006, 02:23 AM) 
I have a process runnin Duce6.exe an keep gettin a million popups ...Heres my Hijack This log
Logfile of HijackThis v1.99.1
Scan saved at 6:19:13 PM, on 8/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\thiselt.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe
C:\WINDOWS\sys01461177275.exe
C:\Program Files\Opera\opera.exe
C:\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys01461177275] C:\WINDOWS\sys01461177275.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Help Me Please...
Logfile of HijackThis v1.99.1
Scan saved at 6:19:13 PM, on 8/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\thiselt.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe
C:\WINDOWS\sys01461177275.exe
C:\Program Files\Opera\opera.exe
C:\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys01461177275] C:\WINDOWS\sys01461177275.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Help Me Please...
Heres mt Ewido Log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:19:18 PM 8/29/2006
+ Scan result:
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\mit1A.tmp.cab/NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\mit1A.tmp/NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\i8A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-57989841-706699826-854245398-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-57989841-706699826-854245398-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\a58c8a4a.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Local Settings\Temp\bl4ck.com -> Downloader.Small.dmj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\a.exe -> Downloader.Small.dmj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Proof\timeupdate.exe -> Proxy.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Kevin\Cookies\kevin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
C:\WINDOWS\sys09546117727.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
::Report end
And my new HIJACKTHIS Log
Logfile of HijackThis v1.99.1
Scan saved at 8:29:40 PM, on 8/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Hope this is enough info for yall to help me...Thanks in advance...
Hi ,
Apologies for the late reply, we've been quite swamped in here as you can probably see.
Are you still needing help?
I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.
If you still need help we need two things:
1. Your Adaware Scan log with the latest reference file update.
Please make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R121 28.08.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
...............
2. A fresh HijackThis log for review to see where you are now.
Apologies for the late reply, we've been quite swamped in here as you can probably see.
Are you still needing help?
I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.
If you still need help we need two things:
1. Your Adaware Scan log with the latest reference file update.
Please make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R121 28.08.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
...............
2. A fresh HijackThis log for review to see where you are now.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.