3 Posts

October 16th, 2006 18:00

http://isafetypage.com homepage problem! Please help?

My Internet (IE) opens with http://isafetypage.com/ no matter what I try?
 
I have used HiJackThis and saved the LogFile as I read was suggested on this site.
 
Please help. Thanks.
 
Dell DIMENSION 5150 home user.
 
Logfile of HijackThis v1.99.1
Scan saved at 20:11:18, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Noel Mc Dermott\Local Settings\Temporary Internet Files\Content.IE5\ZTSW1NBP\Windows-KB890830-V1.21[1].exe
c:\5662055af7d81b19ac65dbd98f5736\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegEasy.exe] C:\Program Files\RegistryEasy\RegEasy.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe"  -startminimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152219717140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

4 Apprentice

20.5K Posts

October 16th, 2006 21:00

Welcome :) Sorry you had to wait. We have been really swamped. Thank you for being patient.

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  3. Right click on ewido in the system tray and uncheck "Start with Windows".
    Go to Start > Run and type: services.msc
  4. Press "OK".
  5. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  6. When you find the guard service, double-click on it.
  7. In the Properties Window > General Tab that opens, click the "Stop" button.
  8. From the drop-down menu next to "Startup Type", click on "Manual".
  9. Now click "Apply", then "OK" and close the Services window.
  10. Once the setup is complete you will need to run AVG AS and update the definition files.
  11. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG AS Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close AVG Anti-Spyware, Do Not run a scan just yet. We will shortly.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

      3 Posts

      October 17th, 2006 01:00

      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 03:40:27 17/10/2006
       + Scan result: 
       
      HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
      HKU\S-1-5-21-2160621638-643332015-519469371-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
      HKU\S-1-5-21-2160621638-643332015-519469371-1009\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
      C:\Documents and Settings\Noel Mc Dermott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-5a8a5bd2-4d71e71f.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Unknown\Cookies\unknown@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
      C:\Documents and Settings\Unknown\Cookies\unknown@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@overture[2].txt -> TrackingCookie.Overture : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
      C:\Documents and Settings\Unknown\Cookies\unknown@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
      C:\Documents and Settings\Aoife Mc Dermott\Cookies\aoife mc dermott@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

      ::Report end
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 02:51:26 17/10/2006
       + Scan result: 
       
      HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : No action taken.
      :mozilla.6:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
      :mozilla.7:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
      C:\Documents and Settings\Noel Mc Dermott\Cookies\noel mc dermott@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
      :mozilla.12:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
      :mozilla.13:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
      :mozilla.14:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
      :mozilla.155:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
      :mozilla.17:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
      :mozilla.18:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
      :mozilla.33:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
      C:\Documents and Settings\Noel Mc Dermott\Cookies\noel mc dermott@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
      :mozilla.34:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Com : No action taken.
      :mozilla.146:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.147:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.148:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.149:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.150:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.151:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.19:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.20:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.21:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.22:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.23:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
      :mozilla.158:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      :mozilla.159:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      :mozilla.160:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      :mozilla.161:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      :mozilla.162:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      :mozilla.163:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
      C:\Documents and Settings\Noel Mc Dermott\Cookies\noel mc dermott@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
      :mozilla.102:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
      :mozilla.103:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
      :mozilla.104:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
      :mozilla.105:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
      :mozilla.106:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
      :mozilla.117:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
      :mozilla.118:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
      :mozilla.110:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
      :mozilla.111:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
      :mozilla.112:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
      C:\Documents and Settings\Noel Mc Dermott\Cookies\noel mc dermott@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
      :mozilla.11:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
      :mozilla.143:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
      :mozilla.144:C:\Documents and Settings\Noel Mc Dermott\Application Data\Mozilla\Firefox\Profiles\cxctjvnf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
      C:\Documents and Settings\Noel Mc Dermott\Cookies\noel mc dermott@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.

      ::Report end
       
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 02:41:41 17/10/2006
       + Scan result: 
       
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Error during cleaning.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
      HKU\S-1-5-21-2160621638-643332015-519469371-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
      HKU\S-1-5-21-2160621638-643332015-519469371-1009\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).

      ::Report end
       

      4 Apprentice


      20.5K Posts

      October 17th, 2006 02:00

      I'm not sure why you posted three reports from AVG.

      I specified above:
      "Close AVG Anti-Spyware, Do Not run a scan just yet. We will shortly."

      3 Posts

      October 17th, 2006 18:00

      Thanks so much for your help, got to step 16 of your advice but could not go further. I ran the scans, found the problems and resolved all the issues.
       
      Thanks again, I think I'm over the problem, all's working well again.
       
      The 'stuff' was residing in the directory MMediaCodec in my Program Files directory.
       
      I had some annoying registry entries, and also some virus problems.
       
      If you want more info on the issues, please request.
       
      Grateful regards,
       
      Dimentia, (wouldn't accept Dimension as a user name so guess what!).

      4 Apprentice


      20.5K Posts

      October 17th, 2006 19:00

      It is hard for me to know exactly what you did without a report, but if you are happy, and you are no longer having any problems, we'll leave it at that.

      I suggest running CCleaner. It is a good utility to keep and use for regular maintenance.
      Download and scan each user profile with CCleaner:
      http://www.ccleaner.com/downloadbuilds.asp
      ** Select to download the BASIC version.
      1. Before first use, select Options > Advanced and UNCHECK
      "Only delete files in Windows Temp folder older than 48 hours"
      2. Then select the items you wish to clean up.
      In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those).
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
      In the Applications Tab:
      • Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
      3. Click the "Run Cleaner" button.
      4. A pop up box will appear advising this process will permanently delete files from your system.
      5. Click "OK" and it will scan and clean your system.
      6. Click "exit" when done.
      REBOOT.


      Please make sure you are running the latest version of Java. See #10 below.
      After updating Java, if everything is running smoothly, it would be good to flush System Restore.
      If everything is running well....
      To flush the XP System Restore Points:
      (Using XP, you must be logged in as Administrator to do this.)
      Go to Start > Run and type msconfig. Press Enter.
      When msconfig opens, click the Launch System Restore Button.
      On the next page, click the System Restore Settings Link on the left.
      Check the box labeled Turn Off System Restore.

      Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

      Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

      You may have already taken some of these steps:
      1. Visit Windows Update:
      Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
      Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

      2. Adjust your security settings for ActiveX:
      Go to Internet Options/Security/Internet, press 'default level', then OK.
      Now press "Custom Level."
      In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

      3. Download and install the following free programs:
      a. SpywareBlaster:
      http://www.javacoolsoftware.com/spywareblaster.html
      Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
      b. SpywareGuard:
      http://www.javacoolsoftware.com/spywareguard.html
      Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
      Periodically check for updates in both programs.

      4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
      Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
      Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

      5. You might consider installing Mozilla / Firefox.
      http://www.mozilla.org/

      6. Install spyware detection and removal programs:
      You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

      a. Ad-aware: http://www.lavasoft.de/software/adaware/

      b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

      I would check for updates in SpyBot once a week or so.
      Check for updates in Ad-aware frequently.

      If you have recently installed AVG Anti-Spyware, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
      You will still be able to manually update it using the *update* button

      7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
      Here is the link:
      http://www.spywarewarrior.com/rogue_anti-spyware.htm


      8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
      ** UNcheck the option to install the Yahoo toolbar.

      9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 7.08. It would be best to remove prior versions before updating to a new version.
      Info here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
      If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html


      10. Make sure you are using the most updated version of Java. The most updated version is jre-1_5_0_09.
      Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
      • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
      • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      • Click the "Download" button to the right.
      • Check the box that says: "Accept License Agreement".
      • The page will refresh.
      • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java version.
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

      Official JAVA Installation Instructions if needed.


      11. Here are some helpful articles:
      "So how did I get infected in the first place?"
      http://computercops.biz/postlite7736-.html

      "I'm not pulling your leg, honest"
      by Sandi Hardmeier
      http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

      Let us know if we have not resolved your problem. Otherwise, you are good to go.
      Happy and Safe Surfing!
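
The ActiveX settings from step 2 of the reply above can be checked from the registry instead of the Internet Options dialog. This PowerShell audit is an added example, not part of the original post; it assumes the standard per-user Internet zone key (zone 3) and the action IDs 1001, 1004 and 1201, and it treats a stricter setting than the post asks for as acceptable.

```powershell
# Added example (not from the thread): audit the Internet zone ActiveX
# settings from step 2 for the current user.
# Zone 3 = Internet zone. Action data: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Targets as given in step 2 of the post.
$targets = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls'; Want = 1 }
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 }
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionLabel($value) {
    if ($null -eq $value) { return 'not set' }
    if ($labels.ContainsKey([int]$value)) { return $labels[[int]$value] }
    return "unknown ($value)"
}

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

$report = foreach ($t in $targets) {
    $prop   = $zone.PSObject.Properties[$t.Id]
    $actual = if ($prop) { $prop.Value } else { $null }

    # Assumption of this example: a stricter action than the post asks for
    # (higher data value) also passes; a missing value is reported as a gap.
    $ok = ($null -ne $actual) -and ($actual -ge $t.Want)

    [pscustomobject]@{
        Id      = $t.Id
        Setting = $t.Setting
        Current = Get-ActionLabel $actual
        Wanted  = Get-ActionLabel $t.Want
        Ok      = $ok
    }
}

$report | Format-Table -AutoSize -Wrap
```

The values are stored per user, so run it in each profile on the machine. Where Group Policy manages the zones, the effective settings come from policy rather than from this key.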