
November 27th, 2006 01:00

Welcome back :)

Please print these instructions so you can follow them exactly.

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets


Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot

Next Step: Download and install AVG Anti-Spyware 7.5
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button!

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click Apply then OK.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Please reboot.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
  • If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab): click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • Please post that report in your next reply. Simply open the text file, then copy/paste the content here.

  • In addition, please include a fresh HJT log and the log from AVG AS.

November 27th, 2006 19:00

I have also removed programs such as "888 bar" and "IP Wins", which have the same date as some of the other programs that are part of this virus I guess. I don't even know what they are so I removed them also. There are a few other programs I have no clue about, but it doesn't give a date under it, so I just left them.
 
I have a question though:
Are all of the names you put supposed to be on the list? I don't see any of them on it, only like 1 or 2 of them. Also there are a few that I think you forgot to mention? What do I do?

 

Message Edited by Undertaker_282 on 11-27-2006 03:39 PM


November 28th, 2006 22:00

AVG Log:
 

November 28th, 2006 22:00

Panda ActiveScan:


Message Edited by Undertaker_282 on 11-28-2006 06:06 PM

November 28th, 2006 22:00

Here it is.  While I was in safe mode for the AVG Scanning, this part: "Under "Possibly unwanted software" check all (default).", I couldn't scroll down so I didn't know if it was checked or not, but since you said it's default, it probably was.

HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 18:26, on 06-11-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\KAKA\My Documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\KAKA\MYDOCU~1\RACLE~1\userinit.exe" -vt yazr
O4 - HKCU\..\Run: [rzfo] C:\PROGRA~1\COMMON~1\rzfo\rzfom.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136849239576
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138402583077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)

3 Apprentice

 • 

20.5K Posts

November 28th, 2006 23:00

No, not all of those programs would have been listed in Add/Remove, but I listed all just in case you had any of them.

Configure to show all files/folders:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
Exit that window.

Please launch Hijackthis and place a checkmark next to these:
R3 - Default URLSearchHook is missing
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKCU\..\Run: [rzfo] C:\PROGRA~1\COMMON~1\rzfo\rzfom.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab


If you no longer use SpySweeper, fix this one:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Close all windows except HijackThis and click "Fix Checked".

Reboot into Safe Mode:
Turn on the computer.
Immediately begin tapping the F8 key
Use the arrow keys to highlight Safe Mode and press the Enter key.

Delete the specified files if they still exist:
c:\windows\system32\tsuninst.exe --file
c:\windows\smdat32m.sys --file
c:\windows\uninstDsk.exe --file

FOLDERS to delete if they still exist:
C:\PROGRAM FILES\COMMON FILES\rzfo --FOLDER
C:\Program Files\Internet Explorer\cdcknpro.exe --If you do not know what this is delete this FOLDER if it still exists.

Reboot normally.
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Check: Hide protected operating system files
Click on Apply.

Download and scan each user profile with CCleaner:
http://www.ccleaner.com/downloadbuilds.asp
** Select to download the BASIC version.
1. Before first use, select Options > Advanced and UNCHECK
"Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those). I suggest removing them and starting fresh.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
3. Click the "Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "exit" when done.
REBOOT.

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen.
Click on the Save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply in this topic.

Also, please post a fresh HijackThis log and let me know how things are running. Thanks.

Message Edited by Bugbatter on 11-28-2006 08:42 PM

November 29th, 2006 21:00

Just a few quick questions:

About the C Cleaner program. Where you say this, "Clean all entries in the "Advanced" section.", when I check them off, I get messages like your Internet Explorer locations will be reset, and your start menu will reset and stuff like that.  Is this going to delete any programs or like make me have to set homepages, internet settings all over again?

This is the one I'm worried about.  For User Assist History, if I check it off, it says: "This will clear the most used programs list on the XP Start menu"  Will this get rid of any programs or delete stuff that I need?
Thanks

3 Apprentice

 • 

20.5K Posts

November 30th, 2006 02:00

It won't uninstall programs. It will just clean the list of recently used programs. It will delete cookies so you will have to enter them again when you go to those sites. As you can see you had quite a mess with those.

November 30th, 2006 22:00

If there's anything else I needed to add please let me know, but I think this is what you asked for.

My computer is running just like it used to now, also those annoying pop-ups have stopped.  It's just that I noticed while I was browsing and I opened up a new window, and for some reason the screen was just blank and it said "done".  I tried going to the same site on the original window and the same thing happened.  This only happened like once or twice, I'll let you know if it is still occurring.

Other than that, thanks a whole lot for all of your work, appreciate it.  Thank you.

Message Edited by Undertaker_282 on 11-30-2006 06:41 PM

November 30th, 2006 22:00

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 19:35, on 06-11-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\KAKA\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\KAKA\MYDOCU~1\RACLE~1\userinit.exe" -vt yazr
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136849239576
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138402583077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
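
Added example, not part of any post in this thread: a Python script that parses HijackThis entry lines, lists the ones marked "(file missing)", and diffs the log taken before the fix against the log above to confirm that every entry on the fix list is gone. The log excerpts are copied from the two logs in this thread; the function names are hypothetical, and treating "(file missing)" as a candidate for review rather than a verdict is an assumption of this sketch.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# HijackThis entry lines have the form "<code> - <detail>",
# where the code is R0-R3, F0-F3, N1-N4 or O1 and up.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the log posted on November 28th (before the fix).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [rzfo] C:\PROGRA~1\COMMON~1\rzfo\rzfom.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the log posted on November 30th (after the fix).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# The entries the helper asked to have checked and fixed.
FIX_LIST = r"""R3 - Default URLSearchHook is missing
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKCU\..\Run: [rzfo] C:\PROGRA~1\COMMON~1\rzfo\rzfom.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def parse_entries(log_text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries that point at a file no longer on disk (review candidates only)."""
    return [e for e in entries if e.detail.endswith("(file missing)")]


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs, in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def still_present(requested, after):
    """Entries from the fix list that the follow-up log still contains."""
    after_set = set(after)
    return [e for e in requested if e in after_set]


if __name__ == "__main__":
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.code, "-", e.detail)
    for e in added:
        print("NEW:    ", e.code, "-", e.detail)
    for e in still_present(parse_entries(FIX_LIST), after):
        print("NOT FIXED:", e.code, "-", e.detail)
    for e in orphaned(after):
        print("still orphaned:", e.code, "-", e.detail)
```

An entry reported under `added` deserves the closest look, since it appeared between the two scans.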

 

November 30th, 2006 22:00

This is from the HJT Uninstall part.

Ad-Aware SE Personal
Adobe Acrobat 5.0
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
AVG Anti-Spyware 7.5
AviSynth 2.5
CCleaner (remove only)
Classic PhoneTools
Click'N Burn Pro 2.0 (English)
Conexant HSF V92 56K Data Fax PCI Modem
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Desktop Uninstall
Digital Line Detect
DivX 4.12 Codec
Download Accelerator Plus (DAP)
DVDx
Easy CD Creator 5 Basic
FIFA 2002
FileRestore
GTA3 Smart Dodo Mod
HijackThis 1.99.1
hp deskjet 640c series (Remove only)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
HyperLoad
ImageDrive (ahead software)
Intel(R) Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
LimeWire PRO 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
MathPlayer
McAfee SecurityCenter
McAfee VirusScan
Mentor for Networking
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Encarta 96 Encyclopedia
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internet Explorer 6 SP1
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2000 SR-1 Premium
Microsoft Picture It! Photo 2002
Microsoft Plus! for Windows XP
Microsoft Streets and Trips 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
NoLimits Demo (remove only)
One-on-One Diagnostic
P2P Networking
Paint Shop Pro 7
Panda ActiveScan
PlayLinc
Pop Up Stopper and Ad Killer
QuickTime
RamBooster
RealPlayer
Rhapsody Player Engine
Roll
Shockwave
SpywareBlaster v3.5.1
Starcraft
SwiftDisc 1.67
SwiftSwitch
TargetSaver
TeamSpeak 2 RC2
Update for Windows XP (KB898461)
Verizon Broadband Toolbar
Verizon Online
Verizon Online Help and Support
Verizon Online Support Center
Video Server Wrapper Codec (remove only)
Viewpoint Media Player
Webshots Desktop
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q817606
Windows XP Service Pack 1a
Xara3D 5

 

3 Apprentice

 • 

20.5K Posts

November 30th, 2006 23:00

We still have some things to address. You have some optional items that we can clean up if you would like to.

You have Viewpoint Media Player in your Add/Remove list.
Viewpoint media player is installed with AIM, AOL and a number of other products. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc.
Viewpoint collects data on users who have installed the Viewpoint media player, then uses that data to target ads and content on the company's partner sites.
You may want to remove Viewpoint Media Player. It is your choice.

Have you ever used Kazaa? P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.
I see P2P Networking in your Add/Remove as well. I'll let you decide if you want to remove it.

You are running LimeWire PRO 4.8.1
Limewire is not technically malware by itself, but it can install malware because it opens the door for any number of worms, adware, and spyware infections when you use their network. LimeWire 4.9.28 is clean. Older and newer versions may not be.

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088059
http://www.benedelman.org/spyware/p2p/

It's up to you, but I suggest that you uninstall Limewire.
If you decide to remove Limewire, use the uninstaller:
Open the LimeWire folder.
Double click on the Uninstall LimeWire 18c icon.
Then delete the Limewire folder if it still exists:
C:\Program Files\LimeWire

Launch HijackThis and place a checkmark next to this if it still exists:
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (It will probably say "no file" if it has been removed)

Close all windows except HijackThis and click "Fix Checked".
Close HijackThis.

Reboot.

Run CCleaner again.

This is not optional. It is necessary. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    It looks as if you have these two:
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.


If everything is running smoothly after that, flush System Restore so you have a clean Restore Point and can start fresh.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. Ad-aware: http://www.lavasoft.de/software/adaware/

b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.

If you have recently installed AVG Anti-Spyware, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update it using the *update* button.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm


8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar.

9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 7.08. It would be best to remove prior versions before updating to a new version.
Info here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html


10. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE) 5.0 Update 10

If you need to update, remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files. You can go back here to download the latest version: http://java.sun.com/javase/downloads/index.jsp
Or here: http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html
Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Proceed with reinstalling Java. Reboot.


11. Here are some helpful articles:
"So how did I get infected in the first place?"
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!