May 1st, 2006 15:00
Red dot with white x
This red dot kept popping up saying I had spyware... but when I clicked it nothing happened. So I did the Hijack This thing and am here to post my results so I can find out what is safe to get rid of...
Logfile of HijackThis v1.99.1
Scan saved at 12:02:36 PM, on 5/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1140641979\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\termcaps.exe
C:\winstall.exe
C:\Documents and Settings\Marl\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Password book\pass32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/iframe3?AAAAADMyAAAO2AAAdmgAAAAAAAAAAP8AAP...wECAAIoPwAAgKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG27VFKb8h5AMzMzMzMzIkAFz846ARsmQAAAAAAAACpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4aFkJTlpigAn7Mn1ka00TCDKu1LCUH0LQyaDcQAAAAA=,
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ticont.MyBHO - {2520BA45-3D97-4864-82FF-F47F951727BA} - C:\WINDOWS\System32\ticont.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: tisa.MyBHO - {9B053E00-78D3-47AE-B763-60FF36FF2886} - C:\WINDOWS\System32\tisa.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140641979\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [termcaps] C:\WINDOWS\System32\termcaps.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [termcaps] C:\WINDOWS\System32\termcaps.exe
O4 - HKCU\..\Run: [termcaps] C:\WINDOWS\System32\termcaps.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140371172304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144944555945
O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} - http://www.cursorcafe.com/bin/cursorcafe.cab
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Please help me!
thanks


zbestwun2001
4 Apprentice
•
8.8K Posts
0
May 1st, 2006 21:00
Double click on the file to extract it to its own folder on the desktop.
er.
Place a shortcut to Panda ActiveScan on your desktop.
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!
Next, please reboot your computer in SafeMode by doing the following:
Run HiJackThis then:
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\winstall.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/iframe3?AAAAADMyAAAO2AAAdmgAAAAAAAAAAP8AAP...wECAAIoPwAAgKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG27VFKb8h5AMzMzMzMzIkAFz846ARsmQAAAAAAAACpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4aFkJTlpigAn7Mn1ka00TCDKu1LCUH0LQyaDcQAAAAA=,
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: ticont.MyBHO - {2520BA45-3D97-4864-82FF-F47F951727BA} - C:\WINDOWS\System32\ticont.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: tisa.MyBHO - {9B053E00-78D3-47AE-B763-60FF36FF2886} - C:\WINDOWS\System32\tisa.dll
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
folders...
C:\Program Files\Need2Find
files...
C:\winstall.exe
C:\WINDOWS\System32\ticont.dll
C:\WINDOWS\System32\tisa.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Exit Explorer
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close Ewido
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
Reboot back into Windows and click the Panda ActiveScan shortcut.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt, the contents of the two text folders from running SpyAxeFix.bat and the Ewido Log by using Add Reply.
Let us know if any problems persist.
Steve
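Added example, not part of Steve's post and not code from HijackThis: a small Python parser for HijackThis entry lines that compares the list of entries ticked for fixing with a follow-up scan and reports which ones are still present. The fix-list lines are copied from the post above; the follow-up log is constructed for illustration, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# A HijackThis entry line starts with a section code (R0, O2, O23, ...)
# followed by " - " and the entry body. Header lines and the
# "Running processes" list carry no code and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return {section_code: [body, ...]} for every entry line in a log."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)


def normalize(code, body):
    """Comparison key: Windows paths and registry names are case-insensitive,
    and forum software often mangles whitespace, so fold both."""
    return (code, " ".join(body.split()).lower())


def flatten(log_text):
    """Ordered list of (comparison_key, display_line) for a log."""
    out = []
    for code, bodies in parse_entries(log_text).items():
        for body in bodies:
            out.append((normalize(code, body), f"{code} - {body}"))
    return out


def compare_scans(before_text, after_text):
    """Classify entries as removed, persisted or new between two scans."""
    before, after = flatten(before_text), flatten(after_text)
    before_keys = {k for k, _ in before}
    after_keys = {k for k, _ in after}
    return {
        "removed": [line for k, line in before if k not in after_keys],
        "persisted": [line for k, line in before if k in after_keys],
        "new": [line for k, line in after if k not in before_keys],
    }


def remaining_after_fix(fix_list_text, followup_text):
    """Entries from the fix list that the follow-up scan still shows."""
    return compare_scans(fix_list_text, followup_text)["persisted"]


# Four of the entries ticked for "Fix checked" in the post above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: ticont.MyBHO - {2520BA45-3D97-4864-82FF-F47F951727BA} - C:\WINDOWS\System32\ticont.dll
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
"""

# Constructed follow-up scan (not from the thread): one fixed entry has
# come back, with different path casing.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O20 - Winlogon Notify: msupdate - C:\WINDOWS\system32\msupdate32.dll
"""

if __name__ == "__main__":
    for line in remaining_after_fix(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```

An entry that persists after "Fix checked" usually means the file behind it was still loaded when the fix ran, which is why the post has the files deleted from Safe Mode.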
momzzzzz
9 Posts
0
May 3rd, 2006 00:00
+ Report-Checksum: 9623CC30
C:\HijackThis\backups\backup-20060502-161212-166.dll -> Adware.Azesearch : Ignored
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning
C:\ann.exe -> Downloader.Small.cpg : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\msupdate32.dll -> Backdoor.Delf.aml : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SitePager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SitePager\SitePagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\SitePager\SitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Alan\Cookies\alan@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Alan\Local Settings\Temp\Del13.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\Q9SBG3KL\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Marl\Cookies\marl@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Marl\Local Settings\Temporary Internet Files\Content.IE5\4TIJ8XMZ\termdat[1].exe -> Proxy.Small.bo : Cleaned with backup
C:\Documents and Settings\Marl\Local Settings\Temporary Internet Files\Content.IE5\W9MN0DER\index1[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Marl\Local Settings\Temporary Internet Files\Content.IE5\W9MN0DER\n[1].exe -> Downloader.Small.cpg : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-47723671-668a4a61.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Error during cleaning
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-47723671-668a4a61.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup
C:\Program Files\filesubmit\myblueheaventh.zip\NNEZTA388.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\filesubmit\myblueheaventh.zip\TBEZA127Q.exe -> Adware.Quick : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\QuickSearch\__delete_on_reboot__QuickSearchBar1_27.dll -> Adware.Quick : Cleaned with backup
C:\Program Files\TrustIn Bar\trustin.dll -> Adware.Azesearch : Cleaned with backup
C:\Program Files\TrustIn Contextual\uninstall.exe -> Adware.Azesearch : Cleaned with backup
C:\Program Files\TrustIn Search\uninstall.exe -> Adware.Azesearch : Cleaned with backup
::Report End
momzzzzz
9 Posts
0
May 3rd, 2006 00:00
+ Report-Checksum: 9623CC30
momzzzzz
9 Posts
0
May 3rd, 2006 00:00
+ Report-Checksum: 9623CC30
::Report End
momzzzzz
9 Posts
0
May 3rd, 2006 00:00
Incident Status Location
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\dftm.exe
smitRem log file
version 2.8
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 05/02/2006
The current time is: 16:26:02.34
C:\Documents and Settings\Marl\My Documents\anti spyware\Panda ActiveScan\smitRem
Copyright(C) 2006 BleepingComputer.com
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~ Program Files ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'explorer.exe'
Copyright(C) 2006 BleepingComputer.com
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Program Files ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
momzzzzz
9 Posts
0
May 3rd, 2006 00:00
Scan saved at 8:53:24 PM, on 5/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1140641979\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Marl\My Documents\anti spyware\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140641979\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [termcaps] C:\WINDOWS\System32\termcaps.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140371172304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144944555945
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} - http://www.cursorcafe.com/bin/cursorcafe.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
zbestwun2001
4 Apprentice
•
8.8K Posts
0
May 3rd, 2006 12:00
Be sure to look this solution over before you begin. There are some item(s) I'm not familiar with. If you recognize any, then just omit them from this fix.
When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to Service Pack 1. This will help to make your system more secure and prevent many 'problems' from recurring in the future.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/iframe3?AAAAADMyAAAO2AAAdmgAAAAAAAAAAP8AAP...wECAAIoPwAAgKIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG27VFKb8h5AMzMzMzMzIkAFz846ARsmQAAAAAAAACpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4aFkJTlpigAn7Mn1ka00TCDKu1LCUH0LQyaDcQAAAAA=,
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
C:\winstall.exe
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Reboot normally and post back a new log.
Steve.
zbestwun2001
4 Apprentice
•
8.8K Posts
0
May 4th, 2006 13:00
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
Now, with all windows closed except HiJackThis, click "Fix checked".
Reboot normally and post back a new log.
Steve.
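The selection step in the two replies above, sketched as an added Python example (not part of the thread and not HijackThis's own code): it parses HijackThis entry lines and flags the same kinds of items the replies picked out. The three rules and the names `parse_line` and `triage` are assumptions made for illustration, and the result is a list of candidates for manual review, not a verdict.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: [name] cmd"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# BHO/toolbar registrations that HijackThis marks as having no file on disk
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# O4 autorun value: "<hive>\..\Run: [value name] <command line>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
# Executable sitting directly in a drive root, e.g. C:\name.exe
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe\b", re.IGNORECASE)

# Constructed sample: entry lines copied from the logs in this thread
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
"""

def parse_line(line):
    """Return (code, body) for an entry line, or None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    return (m["code"], m["body"]) if m else None

def triage(log_text):
    """Return (code, reason, body) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code in ("O2", "O3") and ORPHAN_RE.search(body):
            findings.append((code, "orphaned registration, file is gone", body))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run and ROOT_EXE_RE.match(run["cmd"]):
                findings.append((code, "autorun executable in drive root", body))
        elif code == "R0" and body.endswith("="):
            findings.append((code, "Internet Explorer setting is empty", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:<3} {reason}: {body}")
```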
momzzzzz
9 Posts
0
May 4th, 2006 13:00
Thank you so much!
My problem is fixed!
Here is the last Hijack This log. But none of the things you said to look for were there.
Logfile of HijackThis v1.99.1
Scan saved at 10:06:04 AM, on 5/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140641979\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140371172304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144944555945
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF98AF7B-1F54-4079-91BC-3996DEABA45A} - http://www.cursorcafe.com/bin/cursorcafe.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Marl\My Documents\anti spyware\ewido\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ty, Marl