7 Posts

June 9th, 2004 16:00

O3 - Toolbar: SafeSearch - {00000000-0000-0000-0000-000000000001} -
C:\WINDOWS\SYSTEM\SAFESEARCH.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} -
  C:\WINDOWS\ADROAR.DLL (file missing)
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -
  C:\WINDOWS\DEALHLPR.DLL (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- c:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program
Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum
Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [BLUBSTER] C:\PROGRAM FILES\BLUBSTER\BLUBSTER.exe
SILENT
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [FPODBCV] C:\WINDOWS\SYSTEM\FPODBCV.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program
Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM
FILES\SCBAR\V2\SCBAR.EXE" /U
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [8zi2z] C:\WINDOWS\TEMP\8ZI2Z.EXE
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [pbnx] C:\WINDOWS\qvsdkaa.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program
Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Enhance32] c:\windows\system\enhance32.exe
O4 - HKLM\..\RunServices: [Audioinf] c:\windows\system\audioinf.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy]
c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ALUAlert] C:\Program
Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [Symantec NetDriver Warning]
C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDWARN.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America
Online 8.0\aoltray.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: NDA0OT0I.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: R01M8P1T.lnk = C:\WINDOWS\r01m8p1t.exe
O4 - Global Startup: IW7PGHJ1.lnk = C:\WINDOWS\iw7pghj1.exe
O4 - Global Startup: BT8X90DY.lnk = C:\WINDOWS\bt8x90dy.exe
O4 - Global Startup: X0N22HHI.lnk = C:\WINDOWS\x0n22hhi.exe
O4 - Global Startup: 3O8FKRI1.lnk = C:\WINDOWS\3o8fkri1.exe
O4 - Global Startup: TD90IZJ2.lnk = C:\WINDOWS\td90izj2.exe
O4 - Global Startup: EGCU4LMQ.lnk = C:\WINDOWS\egcu4lmq.exe
O4 - Global Startup: ALE3170L.lnk = C:\WINDOWS\ale3170l.exe
O4 - Global Startup: Z7RAI7XF.lnk = C:\WINDOWS\z7rai7xf.exe
O4 - Global Startup: MLIXQT2I.lnk = C:\WINDOWS\mlixqt2i.exe
O4 - Global Startup: YA79D8ZL.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: QN678M04.lnk = C:\WINDOWS\qn678m04.exe
O4 - Global Startup: QMC9AYFY.lnk = C:\WINDOWS\jz77pwc6.exe
O4 - Global Startup: ZTW47YE1.lnk = C:\WINDOWS\ztw47ye1.exe
O4 - Global Startup: AL0803J8.lnk = C:\WINDOWS\al0803j8.exe
O4 - Global Startup: THE2ILFX.lnk = C:\WINDOWS\the2ilfx.exe
O4 - Global Startup: MUGF3NB7.lnk = C:\WINDOWS\mugf3nb7.exe
O4 - Global Startup: ZBAYYPFZ.lnk = C:\WINDOWS\zbayypfz.exe
O4 - Global Startup: 2DO57F3K.lnk = C:\WINDOWS\2do57f3k.exe
O4 - Global Startup: LMN30ILT.lnk = C:\WINDOWS\lmn30ilt.exe
O4 - Global Startup: MWKONKJ9.lnk = C:\WINDOWS\mwkonkj9.exe
O4 - Global Startup: P56X3HJW.lnk = C:\WINDOWS\p56x3hjw.exe
O4 - Global Startup: M8XZB1TP.lnk = C:\WINDOWS\m8xzb1tp.exe
O4 - Global Startup: 3YCAGR1Z.lnk = C:\WINDOWS\3ycagr1z.exe
O4 - Global Startup: IL8ODPIV.lnk = C:\WINDOWS\il8odpiv.exe
O4 - Global Startup: 7MLIRKAJ.lnk = C:\WINDOWS\7mlirkaj.exe
O4 - Global Startup: 6Y560AMY.lnk = C:\WINDOWS\6y560amy.exe
O4 - Global Startup: FLNGLRD3.lnk = C:\WINDOWS\flnglrd3.exe
O4 - Global Startup: CNPHQ6F4.lnk = C:\WINDOWS\cnphq6f4.exe
O4 - Global Startup: QC2GHG6I.lnk = C:\WINDOWS\qc2ghg6i.exe
O4 - Global Startup: JUEVOJK5.lnk = C:\WINDOWS\juevojk5.exe
O4 - Global Startup: 2G4YZJCF.lnk = C:\WINDOWS\2g4yzjcf.exe
O4 - Global Startup: VT37CU9J.lnk = C:\WINDOWS\vt37cu9j.exe
O4 - Global Startup: 5LQWD472.lnk = C:\WINDOWS\5lqwd472.exe
O4 - Global Startup: V2N0KH2O.lnk = C:\WINDOWS\v2n0kh2o.exe
O4 - Global Startup: YGFFBVHJ.lnk = C:\WINDOWS\ygffbvhj.exe
O4 - Global Startup: MQFBOCTF.lnk = C:\WINDOWS\mqfboctf.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: MXRRFALG.lnk = C:\WINDOWS\mxrrfalg.exe
O4 - Global Startup: KT83FINT.lnk = C:\WINDOWS\kt83fint.exe
O4 - Global Startup: EVZJ10I5.lnk = C:\WINDOWS\evzj10i5.exe
O4 - Global Startup: R64PB7RO.lnk = C:\WINDOWS\r64pb7ro.exe
O4 - Global Startup: UQP3FV6N.lnk = C:\WINDOWS\uqp3fv6n.exe
O4 - Global Startup: MI0P4K52.lnk = C:\WINDOWS\mi0p4k52.exe
O4 - Global Startup: M04XQ5TO.lnk = C:\WINDOWS\m04xq5to.exe
O4 - Global Startup: F5U3ODHP.lnk = C:\WINDOWS\f5u3odhp.exe
O4 - Global Startup: VQKVRZNL.lnk = C:\WINDOWS\vqkvrznl.exe
O4 - Global Startup: 4U0CRLW4.lnk = C:\WINDOWS\4u0crlw4.exe
O4 - Global Startup: K8T9WH49.lnk = C:\WINDOWS\k8t9wh49.exe
O4 - Global Startup: FEU36EKR.lnk = C:\WINDOWS\feu36ekr.exe
O4 - Global Startup: MX0V5PE7.lnk = C:\WINDOWS\mx0v5pe7.exe
O4 - Global Startup: 0WIT6WL8.lnk = C:\WINDOWS\0wit6wl8.exe
O4 - Global Startup: O37ODZM0.lnk = C:\WINDOWS\o37odzm0.exe
O4 - Global Startup: PQRVM545.lnk = C:\WINDOWS\pqrvm545.exe
O4 - Global Startup: BU46T7K3.lnk = C:\WINDOWS\bu46t7k3.exe
O4 - Global Startup: 85M76YOO.lnk = C:\WINDOWS\85m76yoo.exe
O4 - Global Startup: PGZ5QZW9.lnk = C:\WINDOWS\pgz5qzw9.exe
O4 - Global Startup: LPWXAA5F.lnk = C:\WINDOWS\lpwxaa5f.exe
O4 - Global Startup: OWGPGF93.lnk = C:\WINDOWS\owgpgf93.exe
O4 - Global Startup: 6AJRY2H0.lnk = C:\WINDOWS\6ajry2h0.exe
O4 - Global Startup: BUKNNT4B.lnk = C:\WINDOWS\buknnt4b.exe
O4 - Global Startup: 2978XB1K.lnk = C:\WINDOWS\2978xb1k.exe
O4 - Global Startup: Q60IWPH7.lnk = C:\WINDOWS\q60iwph7.exe
O4 - Global Startup: O6AC6PYY.lnk = C:\WINDOWS\o6ac6pyy.exe
O4 - Global Startup: O59Q7GO5.lnk = C:\WINDOWS\o59q7go5.exe
O4 - Global Startup: FJ9012QH.lnk = C:\WINDOWS\fj9012qh.exe
O4 - Global Startup: 4W5YY8TJ.lnk = C:\WINDOWS\4w5yy8tj.exe
O4 - Global Startup: GYLN04XP.lnk = C:\WINDOWS\gyln04xp.exe
O4 - Global Startup: GRJPJTNH.lnk = C:\WINDOWS\grjpjtnh.exe
O4 - Global Startup: J6RGY1JB.lnk = C:\WINDOWS\j6rgy1jb.exe
O4 - Global Startup: KWAHY0C7.lnk = C:\WINDOWS\kwahy0c7.exe
O4 - Global Startup: 8HK05O4P.lnk = C:\WINDOWS\8hk05o4p.exe
O4 - Global Startup: 6G11RDQK.lnk = C:\WINDOWS\6g11rdqk.exe
O4 - Global Startup: NDU63FO7.lnk = C:\WINDOWS\ndu63fo7.exe
O4 - Global Startup: B3704Z3I.lnk = C:\WINDOWS\b3704z3i.exe
O4 - Global Startup: 221IKG10.lnk = C:\WINDOWS\221ikg10.exe
O4 - Global Startup: O4ZLVJ80.lnk = C:\WINDOWS\o4zlvj80.exe
O4 - Global Startup: 74WYZY5E.lnk = C:\WINDOWS\74wyzy5e.exe
O4 - Global Startup: HVEUO4MU.lnk = C:\WINDOWS\hveuo4mu.exe
O4 - Global Startup: ZAK24X90.lnk = C:\WINDOWS\zak24x90.exe
O4 - Global Startup: BZ0T0150.lnk = C:\WINDOWS\bz0t0150.exe
O4 - Global Startup: H8WRG0J0.lnk = C:\WINDOWS\h8wrg0j0.exe
O4 - Global Startup: GAEBP7C1.lnk = C:\WINDOWS\gaebp7c1.exe
O4 - Global Startup: W4TW100O.lnk = C:\WINDOWS\w4tw100o.exe
O4 - Global Startup: 1PLF3H88.lnk = C:\WINDOWS\1plf3h88.exe
O4 - Global Startup: 0T0YT0IA.lnk = C:\WINDOWS\0t0yt0ia.exe
O4 - Global Startup: QH5OVOUT.lnk = C:\WINDOWS\qh5ovout.exe
O4 - Global Startup: CQDI452W.lnk = C:\WINDOWS\cqdi452w.exe
O4 - Global Startup: 306M8RN9.lnk = C:\WINDOWS\306m8rn9.exe
O4 - Global Startup: X3UG70YZ.lnk = C:\WINDOWS\x3ug70yz.exe
O4 - Global Startup: KMY3OKW3.lnk = C:\WINDOWS\kmy3okw3.exe
O4 - Global Startup: JZ77PWC6.lnk = C:\WINDOWS\jz77pwc6.exe
O4 - Global Startup: Q3R8QONM.lnk = C:\WINDOWS\q3r8qonm.exe
O4 - Global Startup: VFM5I6WL.lnk = C:\WINDOWS\vfm5i6wl.exe
O4 - Global Startup: 7EGF6JPL.lnk = C:\WINDOWS\7egf6jpl.exe
O4 - Global Startup: 4CNUBIID.lnk = C:\WINDOWS\4cnubiid.exe
O4 - Global Startup: TG8PD092.lnk = C:\WINDOWS\tg8pd092.exe
O4 - Global Startup: AL0IRNTW.lnk = C:\WINDOWS\al0irntw.exe
O4 - Global Startup: 6504X2BT.lnk = C:\WINDOWS\6504x2bt.exe
O4 - Global Startup: X8DG25YU.lnk = C:\WINDOWS\x8dg25yu.exe
O4 - Global Startup: JTVLELDE.lnk = C:\WINDOWS\jtvlelde.exe
O4 - Global Startup: ZOA43L7P.lnk = C:\WINDOWS\zoa43l7p.exe
O4 - Global Startup: J2M5VEB8.lnk = C:\WINDOWS\j2m5veb8.exe
O4 - Global Startup: TWWE1ROK.lnk = C:\WINDOWS\twwe1rok.exe
O4 - Global Startup: TF5F0YZU.lnk = C:\WINDOWS\tf5f0yzu.exe
O4 - Global Startup: 28RVX3YZ.lnk = C:\WINDOWS\28rvx3yz.exe
O4 - Global Startup: OYJNMC8T.lnk = C:\WINDOWS\oyjnmc8t.exe
O4 - Global Startup: 4UIEM66M.lnk = C:\WINDOWS\4uiem66m.exe
O4 - Global Startup: PPKI48B9.lnk = C:\WINDOWS\ppki48b9.exe
O4 - Global Startup: D26U1E21.lnk = C:\WINDOWS\d26u1e21.exe
O4 - Global Startup: OQ0EPJI9.lnk = C:\WINDOWS\oq0epji9.exe
O4 - Global Startup: 091QXM04.lnk = C:\WINDOWS\091qxm04.exe
O4 - Global Startup: 10VDTPRU.lnk = C:\WINDOWS\10vdtpru.exe
O4 - Global Startup: TE5X7VQM.lnk = C:\WINDOWS\te5x7vqm.exe
O4 - Global Startup: LWP01JZ5.lnk = C:\WINDOWS\lwp01jz5.exe
O4 - Global Startup: 7J0YKVBO.lnk = C:\WINDOWS\7j0ykvbo.exe
O4 - Global Startup: R65W9PL0.lnk = C:\WINDOWS\r65w9pl0.exe
O4 - Global Startup: IAD2L160.lnk = C:\WINDOWS\iad2l160.exe
O4 - Global Startup: M5LRFB1B.lnk = C:\WINDOWS\m5lrfb1b.exe
O4 - Global Startup: J5ZBFVV2.lnk = C:\WINDOWS\j5zbfvv2.exe
O4 - Global Startup: 7CM0O4O4.lnk = C:\WINDOWS\7cm0o4o4.exe
O4 - Global Startup: 4CVEXR17.lnk = C:\WINDOWS\4cvexr17.exe
O4 - Global Startup: 4KBZNCGE.lnk = C:\WINDOWS\4kbzncge.exe
O4 - Global Startup: HW1MG1MI.lnk = C:\WINDOWS\hw1mg1mi.exe
O4 - Global Startup: WHMD2YNJ.lnk = C:\WINDOWS\whmd2ynj.exe
O4 - Global Startup: YBX6ED5W.lnk = C:\WINDOWS\ybx6ed5w.exe
O4 - Global Startup: 6IUCR1DX.lnk = C:\WINDOWS\6iucr1dx.exe
O4 - Global Startup: 8XI0R96O.lnk = C:\WINDOWS\8xi0r96o.exe
O4 - Global Startup: 4TJAFXGE.lnk = C:\WINDOWS\4tjafxge.exe
O4 - Global Startup: IK9H15C7.lnk = C:\WINDOWS\ik9h15c7.exe
O4 - Global Startup: FH0TGYP8.lnk = C:\WINDOWS\fh0tgyp8.exe
O4 - Global Startup: VHBK0JLT.lnk = C:\WINDOWS\vhbk0jlt.exe
O4 - Global Startup: IY9UQQLO.lnk = C:\WINDOWS\iy9uqqlo.exe
O4 - Global Startup: GPRM61VF.lnk = C:\WINDOWS\gprm61vf.exe
O4 - Global Startup: 7H0XO2A6.lnk = C:\WINDOWS\7h0xo2a6.exe
O4 - Global Startup: GPO85I6C.lnk = C:\WINDOWS\gpo85i6c.exe
O4 - Global Startup: 730FZR9M.lnk = C:\WINDOWS\730fzr9m.exe
O4 - Global Startup: 6EZ9GL32.lnk = C:\WINDOWS\6ez9gl32.exe

7 Posts

June 9th, 2004 16:00

O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) -
http://207.188.7.105/1724b4ae9e91e515e120/netzip/RdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) -
http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) -
file://C:\WINDOWS\TEMP\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} -
http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} -
http://download.mediacharger.com/swimsuitnetwork.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search
Settings Control) -
http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


 

181 Posts

June 9th, 2004 19:00

Click http://security.kolla.de to download Spybot Search & Destroy - install, update, scan and fix all RED items it finds. Reboot when done.


Click http://www.lavasoftusa.com/support/download to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:


General -- activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"


Scanning -- activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"


Tweaks -- Scanning Engine -- activate this: "Unload recognized processes during scanning."


Tweaks -- Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."


Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".


Reboot when done, rescan with Hijackthis and post a new log here so that the remnants can be removed manually.


Also download this zip file from


http://www.wilderssecurity.com/attachments/9x_Adtomi_Cleanup.zip


First, if you have a Script Blocking Program enabled, disable it first so the scripts may run.

Unzip it to C:\Windows

See if there is an Adtomi or Yahoo stocks icon in your system tray; it might be a red ??, and if so, right click and select remove. You must be online for this part.

A web page from Adtomi would appear "-uninstall was succesful!"
then go off line
(note not all infections have this icon, so if it isn't there then don't worry)

Next press Ctrl+Alt+Del once to bring up Task Manager & stop the running process on the funny named file with 8 assorted letters & numbers, that will be listed towards the bottom of the running process list in your HijackThis log,
and there might also be morze1 running; if so, end that process as well.

If you don't have any strange named exe files running or you can't stop it running, then DO NOT CONTINUE, please ask for more help first.

Now locate and Double Click Cleanup.bat that is in the folder you unzipped ( C:\Windows\Adtomi Cleanup )

Do not Touch the VBS files. The bat file will run the scripts.

It will remove the Adtomi Spyware files from the Windows Folder
Clean the Startup Folders
Create Backups of the Adtomi exe files it deletes and save them in this folder
Create a list of all oddly named files deleted from the Windows Folder
Uninstall the BHO
Start HijackThis and give you directions on what to remove.

When you have finished please restart the computer.

Run HijackThis again and post the contents of your new log and the contents of Adtomi.txt in your next reply in your Forum Topic.



Message Edited by baskar1234 on 06-09-2004 03:58 PM


Message Edited by baskar1234 on 06-09-2004 03:59 PM

Message Edited by baskar1234 on 06-09-2004 04:02 PM
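Added example (not part of the original posts and not the Adtomi cleanup scripts): a small Python triage pass over HijackThis O4 startup-folder lines that rejoins wrapped entries and groups shortcuts by the executable they launch, so the "8 assorted letters & numbers" files and morze1 mentioned in the reply stand out. The eight-character rule and the function names are assumptions made for illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above, line wrapping included.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: NDA0OT0I.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: YA79D8ZL.lnk = C:\WINDOWS\ya79d8zl.exe
O4 - Global Startup: QMC9AYFY.lnk = C:\WINDOWS\jz77pwc6.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
"""

ENTRY_START = re.compile(r"^O\d+ - ")
STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (.+?)\.lnk = (.+)$", re.I)
# Assumed heuristic for "8 assorted letters & numbers": an .exe directly in
# C:\WINDOWS whose base name is exactly eight letters/digits.
RANDOM_EXE = re.compile(r"^C:\\WINDOWS\\[A-Z0-9]{8}\.exe$", re.I)
NAMED_IN_REPLY = {r"c:\windows\morze1.exe"}  # morze1 is named in the reply


def unwrap(text):
    """Rejoin entries that were wrapped onto a second line when posted."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # assumes the wrap fell on a space
    return entries


def suspicious_startup(text):
    """Map each flagged target path to the shortcuts that launch it."""
    hits = defaultdict(list)
    for entry in unwrap(text):
        m = STARTUP.match(entry)
        if not m:
            continue  # registry Run keys and other sections are out of scope
        link, target = m.group(1), m.group(2).strip()
        if RANDOM_EXE.match(target) or target.lower() in NAMED_IN_REPLY:
            hits[target.lower()].append(link)
    return dict(hits)


if __name__ == "__main__":
    for target, links in sorted(suspicious_startup(SAMPLE_LOG).items()):
        print(f"{target}  <- {', '.join(links)}")
```

Several shortcuts pointing at one target, or a shortcut whose name differs from its target, is a useful second signal when reviewing the output; the name rule alone would also match legitimate eight-character files if applied outside the startup folders.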
