Eddy
15
Well, actually this is the result of my HijackThis log analyzer if you would have the latests databases ;D
CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
\program files\siber systems\ai roboform\robotaskbaricon.exe
r3 - urlsearchhook: (no name) - {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\copern~1.dll
o2 - bho: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
o2 - bho: iewatchobj class - {9527d42f-d666-11d3-b8dd-00600838cd5f} - c:\windows\system32\ietie.dll
o2 - bho: (no name) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - (no file)
o3 - toolbar: &roboform - {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
o3 - toolbar: (no name) - {e0e899ab-f487-11d5-8d29-0050ba6940e3} - (no file)
o8 - extra context menu item: clear fields&0 - file://c:\program files\siber systems\ai roboform\roboformcomclearfields.html
o8 - extra context menu item: customize menu&4 - file://c:\program files\siber systems\ai roboform\roboformcomcustomizeiemenu.html
o8 - extra context menu item: fill forms&] - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o8 - extra context menu item: roboform&2 - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o8 - extra context menu item: save forms&[ - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o9 - extra button: fill forms - {320af880-6646-11d3-abee-c5dbf3571f46} - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o9 - extra ‘tools’ menuitem: fill forms&] - {320af880-6646-11d3-abee-c5dbf3571f46} - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o9 - extra button: save - {320af880-6646-11d3-abee-c5dbf3571f49} - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o9 - extra ‘tools’ menuitem: save forms&[ - {320af880-6646-11d3-abee-c5dbf3571f49} - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o9 - extra button: clear fields - {320af880-6646-11d3-abee-c5dbf3571f54} - file://c:\program files\siber systems\ai roboform\roboformcomclearfields.html
o9 - extra ‘tools’ menuitem: clear fields&0 - {320af880-6646-11d3-abee-c5dbf3571f54} - file://c:\program files\siber systems\ai roboform\roboformcomclearfields.html
o9 - extra button: roboform - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o9 - extra ‘tools’ menuitem: roboform&2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o9 - extra button: (no name) - {9819cc0e-9669-4d01-9cd7-2c66da43ac6c} - (no file)
o9 - extra button: trashcan - {072f3b8a-2da2-40e2-b841-88899f240200} - c:\program files\agnitum\outpost firewall\trash.exe (file missing) (hkcu)
o9 - extra ‘tools’ menuitem: show trashcan - {072f3b8a-2da2-40e2-b841-88899f240200} - c:\program files\agnitum\outpost firewall\trash.exe (file missing) (hkcu)
Also fix all lines starting with o16 - dpf
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
o4 - hklm..\run: [sis khooker] “c:\windows\system32\khooker.exe”
o4 - hklm..\run: [tkbellexe] c:\program files\common files\real\update_ob\evntsvc.exe -osboot
o4 - hklm..\run: [nuonsoft wallpaper cycler startuphelper] c:\program files\nuonsoft\wallpapercycler\startuphelper.exe
o4 - hklm..\run: [diskeepersystray] “c:\program files\executive software\diskeeper\dkicon.exe”
o4 - hklm..\run: [traybar] c:\program files\traybar\traybar.exe
o4 - hkcu..\run: [msmsgs] “c:\program files\messenger\msmsgs.exe” /background
o4 - hkcu..\run: [tracks eraser pro] c:\program files\acesoft\tracks eraser pro\te.exe min
o4 - hkcu..\run: [screensavercontrol] c:\program files\screensaver control\screensavercontrol.exe
o4 - hkcu..\run: [wpchanger] “c:\program files\wpchanger\wpchanger.exe”
o4 - hkcu..\run: [mwsnap] “c:\program files\mwsnap\mwsnap.exe”
o4 - hkcu..\run: [adsl tray icon] c:\windows\system32\rundll32.exe amecsa.cpl,run_dll
o4 - hkcu..\run: [netlaunchxp] c:\program files\netlaunch xp\netlaunchxp.exe
o4 - hkcu..\run: [xreminder pro] “c:\program files\xreminder pro\xremind.exe”
o4 - hkcu..\run: [roboform] “c:\program files\siber systems\ai roboform\robotaskbaricon.exe”
o4 - hkcu..\run: [idman] c:\program files\internet download manager\idman.exe /onboot
o4 - hkcu..\run: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\netmeter.exe
o4 - startup: aisbackup.lnk = c:\program files\aquarius is consultancy\aisbackup\aisbackup.exe
o4 - startup: better memory meter.lnk = c:\program files\zinious software corporation\better memory meter\better memory meter.exe
o4 - startup: digiguide.lnk = c:\program files\digiguide tv guide\client.exe
o4 - startup: eldos timelyweb.lnk = c:\program files\eldos\timelyweb\timelyweb.exe
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office\osa9.exe
WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :
\windows\system32\notifyphonebook.exe
\program files\pimex\pimex.exe
\program files\zzee\enh1\zenh1.exe
o4 - hkcu..\run: [cookie monster auto-deletion] c:\program files\cookie monster\cookiemonster.exe -auto
o4 - global startup: pimex reminder.lnk = c:\program files\pimex\pimex.exe
o4 - global startup: zzee 1st email anti-virus.lnk = c:\program files\zzee\enh1\zenh1.exe