MySearch problem



#1 sbsd

Posted 03 July 2004 - 08:52 AM

I use Windows XP with several accounts. You know in XP you can change the accounts status in two different modes - either "administrator" or "limited account" or what the translation in English is.

Well, it's like this. One of these accounts I have is a "limited account". When I do a Spybot S&D scan in that account I always find a MySearch file. And S&D can't delete it until I restart the computer. But the MySearch file immediately appears on the Recovery list.

If I then change this account's status to "administrator", the MySearch file disappears from the Recovery list. But if I change back the status of the account to "limited account" the MySearch file is visible on the Recovery list once again!

And another thing, I've done multiple scans on this account both as "administrator" and "limited account". Whenever I do the scan as "administrator", I never ever get MySearch in the scan results. But always when I change the status to "limited account" the MySearch file always shows in the results.

Please help! What should I do?





Logfile of HijackThis v1.98.0
Scan saved at 21:54:51, on 2004-07-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Common\FSGK32.EXE
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\D-Tools\daemon.exe
C:\program\Quicktime\qttask.exe
D:\Program\Real\RealPlayer\RealPlay.exe
C:\verktyg\telia\LFConnectionKeeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
D:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Program\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] D:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab

#2 jwbirdsong

Posted 03 July 2004 - 09:15 AM

One MAJOR problem you have is you are several Critical Updates behind from Windows Updates..these are very important to patching your system and keeping Sasser and other baddies off of your computer. Go to Windows Update and get all CRITICAL Updates.

Press Ctrl+Alt+Del and 'end task' on any of the following that are present

Put a check next to these in hijackthis:
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe <-------- Not a lot of info on this; but it could be legit; are you familiar with this and did you install it?? If so do NOT mark for removal

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE <---Optional but Highly recommended to remove not needed at start and huge resource hog
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt....x/regdload.cab
THEN WITH ALL OTHER WINDOWS CLOSED, press "Fix".


Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-
Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)
  • C:\Windows\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
  • Empty your "Recycle Bin"



If you already have Ad-Aware use the setting in the 'speech' below..and make sure it's updated.
Now download Ad-Aware at http://www.lavasoftu...pport/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
- On the main AdAware screen hit the Check for Updates, hit the 'Connect' key; it will then connect, check for then ask if you want to download latest Ref. files (if one is available), accept. Once downloaded hit "Finish" (Green Checkmark)

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys. Click 'Next' again
Right-click in that pane and choose "select all"

If it finds "bad" files and registry keys, press "Next" again
It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.

Then Reboot and post a fresh log back to this thread.
Things you need(all FREE)
Anti-Virus (Only One of these)
AVG Avast
Firewall (Only One here too)
Kerio(Direct Download) Zone Alarm
Misc. (Use all 3 together)
IE Spyads SpywareBlaster Spyware Guard
Windows Update (Once a week)
get all CRITICAL Updates

Things you want(Still Free)
Mozilla Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004

#3 sbsd

Posted 03 July 2004 - 03:39 PM

First of all - Thank you so much.

I did what you asked mostly and have posted my new log at the end of this post. I just have a few questions before.

First of all I couldn't download and install all Critical Updates, but I have installed all those I could.

Second of all I didn't really understand what you meant by this:
"Press Ctrl+Alt+Del and 'end task' on any of the following that are present"
There was only this Internet Explorer window in that list.

LFConnection is nothing bad, I am familiar with it. But I wondered about this:
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE
What is it really? If I check it and fix it with HiJackThis, will Microsoft Word, Excel, PowerPoint etc work after that?

I also have a question about C:\Windows\Temp\. You told me to delete everything in that folder. There was a folder named Cookies in it, should I have deleted that folder too?
Also in the Temporary Internet Files folders, there were folders like Cookies etc, I deleted those, was that correct?

The next thing I wonder about is this - All other user profiles, except mine, had a folder named Content.IE5 in their Temporary Internet Files folder. I didn't dare to delete it? Should I? That folder's size was like 100MB BIG.

At last I did the Ad-Aware scan, but Ad-Aware didn't find any problems.

I didn't though understand exactly what scan mode you wanted me to scan with. I selected "Use custom scanning options" as this is what I figured you were meaning, but I got confused because you also said:

"Press "Select drives\folders to scan"
- Select the active partition which is usually C:"

But if one chose to scan by scan mode "Use custom scanning options", then the "Select drives\folders to scan" doesn't really matter right? But I did change it to C: as you said though :)

Just have another quick question. What are these two?:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

and

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab









Logfile of HijackThis v1.98.0
Scan saved at 22:15:26, on 2004-07-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\D-Tools\daemon.exe
C:\program\Quicktime\qttask.exe
D:\Program\Real\RealPlayer\RealPlay.exe
C:\verktyg\telia\LFConnectionKeeper.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Common\FSGK32.EXE
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
D:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Program\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] D:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab

#4 jwbirdsong

Posted 03 July 2004 - 08:19 PM

First of all - Thank you so much.

I did what you asked mostly and have posted my new log at the end of this post. I just have a few questions before.

First of all I couldn't download and install all Critical Updates, but I have installed all those I could.

What happens when you try to do the rest?????

Second of all I didn't really understand what you meant by this:
"Press Ctrl+Alt+Del and 'end task' on any of the following that are present"
There was only this Internet Explorer window in that list.

Were you running in safe mode???? The list of "Running Processes" should be seen.

LFConnection is nothing bad, I am familiar with it.
I figured as much.

But I wondered about this:
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE

What is it really? If I check it and fix it with HiJackThis, will Microsoft Word, Excel, PowerPoint etc work after that?

It's just an UN-NEEDED entry at start-up.  Yes all Office proggies will be fine; just meant to save your initial resources.

I also have a question about C:\Windows\Temp\. You told me to delete everything in that folder. There was a folder named Cookies in it, should I have deleted that folder too?

Yes

Also in the Temporary Internet Files folders, there were folders like Cookies etc, I deleted those, was that correct?

Yes

The next thing I wonder about is this - All other user profiles, except mine, had a folder named Content.IE5 in their Temporary Internet Files folder. I didn't dare to delete it? Should I?
Absolutely
That folder's size was like 100MB BIG.

Good now you have that much disk space extra

At last I did the Ad-Aware scan, but Ad-Aware didn't find any problems.

That's OK
I didn't though understand exactly what scan mode you wanted me to scan with. I selected "Use custom scanning options" as this is what I figured you were meaning, but I got confused because you also said:

"Press "Select drives\folders to scan"
- Select the active partition which is usually C:"

But if one chose to scan by scan mode "Use custom scanning options", then the "Select drives\folders to scan" doesn't really matter right? But I did change it to C: as you said though :)
These are the important settings for AdAware
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
and
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Just have another quick question. What are these two?:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Just an extra button that only shows up in the new version of HJT
No worry; just ignore

and

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab

Just a media player. You can check and remove ANY O16 entry; if your computer needs it in the future it will get it again...I only recommend deleting ALL O16 if you have Broadband or DSL.






I replied inline in your questions; look in the "quoted" above for answers to your questions.

The rest of your log looks.........Great

Congratulations, your log is clean.

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at link in my signature

And also see TonyKlein's good advice in
So how did I get infected in the first place?

#5 sbsd

Posted 04 July 2004 - 05:01 AM

Oh, it is fixed already? Simple as that? :)

Thanks, can I just bother you a little more :)

I wonder if Paltalk is a bad program, my dad uses it, I know it's a chat program, but not if it has any viruses or parasites?


Also
On Add or Remove Programs I have something called "Search Assistant - My Search" that is 9,34 MB in size.
If I try to remove it, a warning message pops up and says (don't know the exact translation to English, but anyway):

"It wasn't possible to read C:\MyWay\SrchAstt\1.bin\mysrchas.dll
The mentioned module can't be found"

To the case I can say that I have deleted the C:\MyWay folder to the Recycle Bin a long time ago. At the same time I also deleted another MyWay related program at the Add or Remove Programs. Anyway what I want to know most is how to remove "Search Assistant - My Search" from Add or Remove Programs?

Third question:
What happens now to my internet cookies when I have deleted the folder named Cookies in Temporary Internet Files? I didn't just delete the files in Cookies, but I deleted the Cookies folder itself.

Thank you for your great help!

Edited by sbsd, 04 July 2004 - 05:03 AM.


#6 sbsd

Posted 04 July 2004 - 05:29 AM

Bad news :(
I just did a Spybot S&D scan on that limited account I have and it found MySearch again, and once again I couldn't delete it until restart.

I saved a log. Here it is, but I just wonder - is it dangerous to put out this information?
MySearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}

#7 jwbirdsong

Posted 04 July 2004 - 01:58 PM

Can you post a HJT log from the "limited account"??

is it dangerous to put out this information? <------ Not at all, no usable/personally identifiable info is contained in the logs....most you can disclose is your IP

#8 sbsd

Posted 04 July 2004 - 07:01 PM

That log on MySearch was saved from Spybot S&D, but that is also not dangerous to put out?

Anyway, here's the hijackthis log from the limited account:

Logfile of HijackThis v1.98.0
Scan saved at 01:56:47, on 2004-07-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\D-Tools\daemon.exe
C:\program\Quicktime\qttask.exe
D:\Program\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\verktyg\telia\LFConnectionKeeper.exe
D:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Program\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] D:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
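
An added example, not part of the original thread: a small Python parser that compares two HijackThis logs from the same machine, such as the administrator-account log in post #3 and the limited-account log above, and lists what appears in only one of them. The embedded logs are shortened excerpts of those two posts, and the function names are this example's own.

```python
import re

# A HijackThis result line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(log_text):
    """Return (processes, entries): lower-cased process paths and (section, detail) pairs."""
    processes, entries, in_procs = set(), set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            entries.add(ENTRY_RE.match(line).groups())
        elif in_procs:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries

def scope(detail):
    """HKCU values belong to the logged-on account; HKLM values apply to every account."""
    if detail.startswith("HKCU"):
        return "per-user"
    if detail.startswith("HKLM"):
        return "machine-wide"
    return "other"

def diff_logs(log_a, log_b):
    """Report what appears in only one of two logs taken on the same machine."""
    procs_a, ent_a = parse_hjt(log_a)
    procs_b, ent_b = parse_hjt(log_b)
    tag = lambda ents: sorted((s, scope(d), d) for s, d in ents)
    return {
        "entries_only_a": tag(ent_a - ent_b),
        "entries_only_b": tag(ent_b - ent_a),
        "procs_only_a": sorted(procs_a - procs_b),
        "procs_only_b": sorted(procs_b - procs_a),
    }

# Shortened excerpt of the administrator-account log (post #3).
ADMIN_LOG = r"""Logfile of HijackThis v1.98.0

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\nvsvc32.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

# Shortened excerpt of the limited-account log (post #8).
LIMITED_LOG = r"""Logfile of HijackThis v1.98.0

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LF Connection Keeper] C:\verktyg\telia\LFConnectionKeeper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

if __name__ == "__main__":
    for key, items in diff_logs(ADMIN_LOG, LIMITED_LOG).items():
        print(key, items)
```
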

#9 jwbirdsong

Posted 06 July 2004 - 07:09 AM

Nothing in that log to be concerned about...For what it's worth MySearch is not technically "Malware" although many people treat it as such..If you are still finding traces of it re-run updated Ad-Aware; make sure to change the settings to those in the example of my 1st post....then Go here download Spybot S&D. Install Spybot, close all other windows and run it. ALWAYS use the search for update button when you first open Spybot. Let Spybot download and install any updates it finds..Now you are ready to click the Check for problems button. Let Spybot fix any entries marked in RED