November 30th, 2004 21:00

Adware/Spyware Problem...involves YooGee search

Somehow, somewhere, I got this thing called YooGee search. After attempting to remove it with both Adaware and Spybot Search and Destroy, I now just get blank web pages when I search. Following is my HijackThis file. Any help would be wonderful.
 
Thanks
Dave O.
 
Logfile of HijackThis v1.97.7
Scan saved at 6:35:12 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Lexmark X5100 Series\lxbabmon.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Windows TaskAd\WinTaskAd.exe
F:\Program Files\Internet Optimizer\optimize.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\Windows TaskAd\WinSched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\AIM\aim.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Program Files\Handspring\HotSync.exe
F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
F:\PROGRA~1\COMMON~1\tsa\tsl2.exe
F:\Program Files\Kazaa Lite K++\Kazaa.kpp
F:\WINDOWS\system32\mmc.exe
F:\WINDOWS\system32\DfrgNtfs.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~1\COMMON~1\tsa\ts2.exe
F:\WINDOWS\system32\DfrgNtfs.exe
f:\program files\internet explorer\iexplore.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Web_Rebates\WebRebates0.exe
C:\Appz\HijackThis.exe
F:\Program Files\Web_Rebates\WebRebates1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indylarp.org/phpnuke/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows TaskAd] F:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\Handspring\HotSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/108ccb1cc5a4975f2a03/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38200.9025462963
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
 


December 1st, 2004 01:00

Dave O,

First, let's go to www.trendmicro.com and click on "Free Online Scan". It'll take a few minutes to download. When it's done, select all available drives, then click "Scan".

-----

Next, download HiJackThis version 1.98.2 and repost your log. It can pick up more problems than the prior one.

http://www.majorgeeks.com/download3155.html

-----

Mike.

Message Edited by Midnight Star on 11-30-2004 09:45 PM

December 1st, 2004 02:00

Thanks for the advice, here is the recent HijackThis file.

 

Dave O.

Logfile of HijackThis v1.98.2
Scan saved at 11:29:49 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Lexmark X5100 Series\lxbabmon.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Windows TaskAd\WinTaskAd.exe
F:\Program Files\Internet Optimizer\optimize.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\Windows TaskAd\WinSched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\AIM\aim.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Program Files\Handspring\HotSync.exe
F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
F:\PROGRA~1\COMMON~1\tsa\tsl2.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Web_Rebates\WebRebates1.exe
F:\Program Files\Web_Rebates\WebRebates0.exe
f:\program files\internet explorer\iexplore.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\PROGRA~1\COMMON~1\tsa\ts2.exe
F:\DOCUME~1\DS5F6D~1.ONG\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indylarp.org/phpnuke/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows TaskAd] F:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\Handspring\HotSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - F:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/108ccb1cc5a4975f2a03/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab

 


December 1st, 2004 03:00

Dave O,
 
Ok, let's see if we can get some of that cleaned off...
 

 
Go to "Add/Remove programs" and remove (uninstall) the following, if present:
 
Win TaskAd
WebRebates
'search'
 
...or anything with that in the name.
 
Be careful not to uninstall any personal or system software.
 

 
Next, run HiJackThis and click "Scan", then check (tick) the following entry(s), if present:
 
 
F:\Program Files\Windows TaskAd\WinTaskAd.exe
F:\Program Files\Windows TaskAd\WinSched.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
F:\PROGRA~1\COMMON~1\tsa\tsl2.exe
F:\Program Files\Web_Rebates\WebRebates1.exe
F:\Program Files\Web_Rebates\WebRebates0.exe
F:\PROGRA~1\COMMON~1\tsa\ts2.exe
 
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
 
O4 - HKLM\..\Run: [Windows TaskAd] F:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
 
O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
 
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/108ccb1cc5a4975f2a03/netzip/RdxIE601.cab
 
 
Now, with all windows closed except HiJackThis, click "Fix checked".
 

 
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
 
Files...
 
F:\WINDOWS\system32\msbe.dll
F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
(Check this one's folder. You might be able to remove the folder along with the file.)
 
 
Folders...
 
F:\PROGRA~1\COMMON~1\tsa
F:\Program Files\Web_Rebates
"F:\Program Files\Windows TaskAd"
 
 
Run "Disk Cleanup" and allow it to remove anything that it finds.
 
Reboot your computer.
 

 
Post back a new log.
 
Mike.
 

December 2nd, 2004 03:00

Thanks Again, here is the next hijackthis file.

Dave O.

 

Logfile of HijackThis v1.98.2
Scan saved at 12:25:24 AM, on 12/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Lexmark X5100 Series\lxbabmon.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\temp\salm.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\AIM\aim.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Handspring\HotSync.exe
F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
F:\PROGRA~1\COMMON~1\tsa\ts2.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
F:\DOCUME~1\DS5F6D~1.ONG\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
F:\PROGRA~1\COMMON~1\tsa\tsl2.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indylarp.org/phpnuke/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [foj] F:\WINDOWS\foj.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\Handspring\HotSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - F:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
 


December 2nd, 2004 04:00

Dave O,

That's looking better! Just a few more stragglers to go...


First, let's move HiJackThis to its own folder, like "C:\HJT". That way, any backups that are made from 'fixed' entry(s) can be easily restored.
 
Reboot your computer into "Safe Mode".
 

 
Go to "Windows Task Manager" and 'end' the following processes, if present:
 
  • salm.exe
  • tsm2.exe
  • ts2.exe
  • tsl2.exe
  • foj.exe


 
Now, run HiJackThis and click "Scan", then check (tick) the following entry(s), if present:
 
 
F:\temp\salm.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
F:\PROGRA~1\COMMON~1\tsa\ts2.exe
F:\PROGRA~1\COMMON~1\tsa\tsl2.exe
 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
 
O4 - HKLM\..\Run: [foj] F:\WINDOWS\foj.exe
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
 
 
Now, with all windows closed except HiJackThis, click "Fix checked".
 

 
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
 
 
files...
 
F:\temp\salm.exe
F:\WINDOWS\foj.exe
 
 
folders...
 
F:\PROGRA~1\COMMON~1\tsa
 
 
Reboot your computer normally.
 

Post back a new log.

Mike.
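
An added example, not part of the original thread: a small Python script that compares a HijackThis log taken before a "Fix checked" round with the log posted afterwards, and reports which fixed items are still present and what is new. The sample inputs are abridged from the second and third logs and the first fix list in this thread; the function and key names are assumptions made for the example.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, O2, O4, O16, ...
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def parse_log(text, bare=False):
    """Return (processes, entries) from a HijackThis log.

    processes: lower-cased paths listed under "Running processes:"
    entries:   (section, rest-of-line) tuples such as ("O4", "HKLM\\..\\Run: ...")
    bare=True treats every non-entry line as a process path, which is the
    shape of a helper's fix list (no log header).
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = " ".join(raw.split())  # trim and collapse whitespace
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif bare or in_processes:
            processes.add(line.lower())
    return processes, entries


def compare(before, after, fix_list):
    """Diff two logs and check the fix list against the later one."""
    before_procs, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    fix_procs, fix_entries = parse_log(fix_list, bare=True)
    removed = before_entries - after_entries
    return {
        "new_entries": sorted(after_entries - before_entries),
        "removed_entries": sorted(removed),
        "new_processes": sorted(after_procs - before_procs),
        # Items the helper asked to fix that the later log still shows.
        "fixed_but_still_listed": sorted(fix_entries & after_entries),
        "fixed_but_still_running": sorted(fix_procs & after_procs),
        # The autorun entry is gone, yet the program it pointed at is running:
        # something else is starting it, so look at the new entries.
        "running_after_entry_removed": sorted(
            p for p in after_procs
            if any(p in rest.lower() for _, rest in removed)
        ),
    }


# Abridged from the second log in this thread (before the first fix round).
BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
F:\WINDOWS\Explorer.EXE
F:\Program Files\Windows TaskAd\WinTaskAd.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [Windows TaskAd] F:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
"""

# Abridged from the third log in this thread (after the first fix round).
AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
F:\WINDOWS\Explorer.EXE
F:\temp\salm.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [foj] F:\WINDOWS\foj.exe
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
"""

# Abridged from the first list of items to tick in HijackThis.
FIX_LIST = r"""
F:\Program Files\Windows TaskAd\WinTaskAd.exe
F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [Windows TaskAd] F:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
O4 - HKCU\..\Run: [Tsa2] F:\PROGRA~1\COMMON~1\tsa\tsm2.exe
"""

if __name__ == "__main__":
    for key, values in compare(BEFORE, AFTER, FIX_LIST).items():
        print(key)
        for value in values:
            print("   ", value)
```

On these excerpts the script reports the `Tsa2` Run entry and `tsm2.exe` as surviving the fix, `salm.exe` running although its Run entry is gone, and `foj` as a new Run entry.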

 


December 7th, 2004 22:00

Dave O,
 
That looks much better! Good work!
 

 
Now, for final cleanup, I'd suggest you:
 
  • Disable, then re-enable system restore to flush your restore points, then immediately create a new restore point manually.
  • Run "Disk Cleanup" one more time and allow it to remove all that it finds.
  • Scan with AdAware SE Personal & Spybot S&D to remove any stray registry entry(s) present from the prior 'infection'.


Happy surfing,

Mike.

Edits: spelling.

Message Edited by Midnight Star on 12-07-2004 06:19 PM

December 7th, 2004 22:00

Okay, that is done. How does this look?
 
Dave O.
 
Logfile of HijackThis v1.98.2
Scan saved at 7:04:29 PM, on 12/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Lexmark X5100 Series\lxbabmon.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\AIM\aim.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Yahoo!\Messenger\ypager.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Handspring\HotSync.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
F:\Program Files\HijackThis.exe
F:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indylarp.org/phpnuke/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "F:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = F:\Program Files\Handspring\HotSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = F:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - F:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
 