Dostalgia

mysearchnow + dotcomtoolbar

21 posts in this topic

I have this problem with mysearchnow and www.dotcomtoolbar.com that keeps changing my homepage to some other shitz like searchnow2.com or searchweb2.com...

and the worst thing is... I think I have sooo much spyware that the spyware are "challenging" one another to replace my damn homepage!


Logfile of HijackThis v1.98.0

Scan saved at 11:52:59 PM, on 09-Jul-04

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\TrayIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Customizer XP\RAMIdle.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\windows\redirect7.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

C:\WINDOWS\System32\msstart.exe

C:\WINDOWS\System32\rundll32.exe

C:\My Files\Kazaa Lite\KazaaLite.kpp

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\ICQ\ICQ.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Winamp\winamp.exe

D:\My Files\mirc\mirc32.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\My Files\mirc5.8\Mirc32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Borepingfast - {E9C74B0E-EF33-D7DE-0DBC-AC0EC2CA3A83} - C:\PROGRA~1\LOUDTY~1\corn stop.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe

O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe

O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab

Edited by Dostalgia


Tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked". Then Reboot.

 

O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe

O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe

 

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

 

this one is optional - harmless resource hog -

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

After fix and reboot, delete these files:

C:\windows\easywww2.exe

C:\WINDOWS\System32\msstart.exe


Here is the log after doing what you had posted:

 

 

Logfile of HijackThis v1.98.0

Scan saved at 12:29:58 AM, on 10-Jul-04

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\TrayIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Customizer XP\RAMIdle.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\windows\redirect7.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

C:\WINDOWS\System32\rundll32.exe

C:\My Files\Kazaa Lite\KazaaLite.kpp

C:\Program Files\ICQ\ICQ.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\My Files\mirc\mirc32.exe

D:\My Files\mirc5.8\Mirc32.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Borepingfast - {E9C74B0E-EF33-D7DE-0DBC-AC0EC2CA3A83} - C:\PROGRA~1\LOUDTY~1\corn stop.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab

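Added example (not part of any post in this thread): a Python script that parses HijackThis entry lines and checks a "Fix checked" list against the scan taken before the fix and the scan taken after the reboot. The log excerpts are copied from the two logs above and the fix list from the helper's reply; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <details>", for example an O4 autostart line.
# Section codes are a letter (R, F, N or O) followed by a number.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalize(section, body):
    """Comparison key: collapse whitespace and ignore case (Windows paths are case-insensitive)."""
    return f"{section} - {' '.join(body.split())}".casefold()


def parse_entries(log_text):
    """Map comparison key -> original line for every entry; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if match:
            section, body = match.groups()
            entries[normalize(section, body)] = f"{section} - {body}"
    return entries


def verify_fixes(before_log, after_log, fix_list):
    """For each line that was ticked for fixing, report what the follow-up scan shows."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {}
    for line in fix_list:
        match = ENTRY_RE.match(line)
        if not match:
            report[line] = "not an entry line"
            continue
        key = normalize(*match.groups())
        if key in after:
            report[line] = "still present"
        elif key in before:
            report[line] = "removed"
        else:
            report[line] = "not in first scan"
    return report


def new_entries(before_log, after_log):
    """Entries that appear only in the follow-up scan (something re-registered itself)."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return sorted(after[k] for k in after.keys() - before.keys())


# Excerpt of the first scan in this thread (09-Jul-04), shortened to the relevant lines.
BEFORE = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
"""

# Excerpt of the follow-up scan (10-Jul-04), same selection of lines.
AFTER = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\windows\redirect7.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
"""

# The lines the helper asked to tick, including the optional one.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe",
    r"O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe",
    r"O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE",
]

if __name__ == "__main__":
    for entry, status in verify_fixes(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status:18} {entry}")
    for entry in new_entries(BEFORE, AFTER):
        print(f"{'new since fix':18} {entry}")
```

An entry reported as "still present" was either not ticked or was re-created before the second scan, so it is the first thing to re-check when a hijack survives a fix.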

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

 

Install the program and launch it.

 

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

 

Next, we need to configure Ad-aware for a full scan.

 

Click on the Gear icon (second from the left) to access the preferences/settings window

  • In the General window make sure the following are selected:
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)

  • Click on the Scanning button on the left and select:
    • Scan Within Archives
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
    • Under Click here to select drives + folders, choose:
      • All of your hard drives

Click on the Advanced button on the left and select:

  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details

Click the Tweak button and select:

  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile

  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page, and then choose:

  • Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.


Thanks for your help... but then again there is a URL that keeps hijacking my homepage even after trying what you mentioned!

 

 

the URL is : www.searchweb2.com...

 

 

sigh :/


Please post a new log now that you have done the Ad-Aware fixes and rebooted.


Lavasoft Ad-aware Personal Build 6.181

Logfile created on :13 July, 2004 11:18:36 PM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R332 12.07.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R217 08.09.2003

Internal build : 107

File location : H:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

Total size : 574398 Bytes

Signature data size : 563299 Bytes

Reference data size : 11035 Bytes

Signatures total : 12937

Target categories : 10

Target families : 267

13-Jul-04 11:15:16 PM Performing Webupdate...

 

Installing Update...

Reference file loaded:

Reference Number : 01R332 12.07.2004

Internal build : 264

File location : H:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

Total size : 1304680 Bytes

Signature data size : 1283888 Bytes

Reference data size : 20728 Bytes

Signatures total : 28484

Target categories : 10

Target families : 520

 

13-Jul-04 11:15:32 PM Success.

Update successfully downlodaded and installed.

 

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:69 %

Total physical memory:785904 kb

Available physical memory:534844 kb

Total page file size:1137576 kb

Available on page file:900724 kb

Total virtual memory:2097024 kb

Available virtual memory:2028908 kb

OS:

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-aware Settings

=========================

Set : Unload recognized processes during scanning

Set : Include basic Ad-aware settings in logfile

Set : Include additional Ad-aware settings in logfile

Set : Let windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Always back up reference file, before updating

Set : Play sound if scan produced a result

 

 

13-Jul-04 11:18:37 PM - Scan started. (Custom mode)

 

Listing running processes



 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 13-Jul-04 2:10:46 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:51 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:52 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:52 PM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:52 PM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 28-Aug-02 7:41:26 PM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:52 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:52 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:53 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:55 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:10 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 13-Jul-04 2:10:56 PM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 06-Oct-02 2:11:31 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 28-Aug-02 7:41:24 PM

 

#:11 [ctfmon.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:56 PM

BasePriority : Normal

FileSize : 13 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

OriginalFilename : CTFMON.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 06-Oct-02 2:11:08 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 28-Aug-02 7:41:22 PM

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:10:56 PM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:13 [trayicon.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:57 PM

BasePriority : Normal

FileSize : 144 KB

FileVersion : 1, 5, 0, 0

ProductVersion : 1, 5, 0, 0

Copyright : Copyright © 2001 ABIT Computer Corporation

FileDescription : Display Tray Icon Application

InternalName : DisplayTrayIcon

OriginalFilename : TrayIcon.EXE

ProductName : ABIT Siluro Display Card DisplayTrayIcon Application

Created on : 09-Sep-02 6:47:05 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 16-Oct-01 10:27:40 PM

 

#:14 [soundman.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 13-Jul-04 2:10:57 PM

BasePriority : Normal

FileSize : 45 KB

FileVersion : 5.0

ProductVersion : 5.0

Copyright : Copyright © 2001 Avance Logic, Inc.

CompanyName : Avance Logic, Inc.

FileDescription : Avance Sound Manager

InternalName : ALSMTray

OriginalFilename : ALSMTray.exe

ProductName : Avance Sound Manager

Created on : 09-Sep-02 7:02:02 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 20-Mar-02 11:23:32 AM

 

#:15 [avgcc32.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG6\

ThreadCreationTime : 13-Jul-04 2:10:57 PM

BasePriority : Normal

FileSize : 337 KB

FileVersion : 6, 0, 0, 515

ProductVersion : 6, 0, 0, 0

Copyright : Copyright ? 2003 GRISOFT s.r.o.

CompanyName : GRISOFT s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC32

OriginalFilename : AvgCC32.EXE

ProductName : AVG Anti-Virus System

Created on : 13-May-04 2:49:17 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-May-04 2:49:18 PM

 

#:16 [ramidle.exe]

FilePath : C:\Program Files\Customizer XP\

ThreadCreationTime : 13-Jul-04 2:10:57 PM

BasePriority : Normal

FileSize : 102 KB

Created on : 10-Jun-02 12:11:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 10-Jun-02 12:11:28 PM

 

#:17 [adusermon.exe]

FilePath : C:\Program Files\Iomega\AutoDisk\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 104 KB

FileVersion : 3,0,0,7

ProductVersion : 3,0,0,7

Copyright : Copyright ? 2001

CompanyName : Iomega Corporation

FileDescription : Active Disk User Monitor

InternalName : ADUserMon

OriginalFilename : ADUserMon.exe

ProductName : Iomega Active Disk

Created on : 24-Jan-02 8:11:16 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 24-Jan-02 8:11:18 AM

 

#:18 [imgicon.exe]

FilePath : C:\Program Files\Iomega\DriveIcons\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 56 KB

FileVersion : 6, 3, 0, 33

ProductVersion : 6, 3, 0, 33

Copyright : 6.3, Copyright ? 2001 Iomega Corporation

CompanyName : Iomega Corp.

FileDescription : IMGICON

InternalName : IMGICON

OriginalFilename : IMGICON.exe

ProductName : Iomega Corp. IMGICON 6.3

Created on : 20-Nov-01 2:33:30 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 20-Nov-01 3:08:56 AM

 

#:19 [incd.exe]

FilePath : C:\Program Files\ahead\InCD\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 1012 KB

FileVersion : 3.31.0

ProductVersion : 3.31.0

Copyright : Copyright © ahead software gmbh and its licensors

CompanyName : Copyright © ahead software gmbh and its licensors

FileDescription : InCD CD-RW UDF Tools

InternalName : InCD

OriginalFilename : InCD.EXE

ProductName : InCD

Created on : 10-Sep-02 9:01:42 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 10-Sep-02 9:01:38 AM

 

#:20 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 148 KB

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

Copyright : Copyright ? RealNetworks, Inc. 1995-2002

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealOne Player (32-bit)

Created on : 14-Sep-02 5:36:46 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 30-Mar-03 7:28:56 PM

 

#:21 [amoumain.exe]

FilePath : C:\PROGRA~1\A4Tech\Mouse\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 144 KB

FileVersion : 7.42.0.0

ProductVersion : 7.42.0.0

Copyright : Copyright ? A4Tech Co.,Ltd. 1999-2003

CompanyName : A4Tech Co.,Ltd.

FileDescription : Amoumain

InternalName : Amoumain

OriginalFilename : Amoumain.exe

ProductName : A4Tech iWheelWorks Mouse Driver

Created on : 17-Jul-03 4:53:16 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 17-Jul-03 4:53:16 PM

 

#:22 [ezsp_px.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 40 KB

FileVersion : 1, 0, 0, 0

ProductVersion : 1, 0, 0, 0

Copyright : Copyright © 2002 Easy Systems Japan Ltd.

CompanyName : Easy Systems Japan Ltd.

FileDescription : ezSP_Px MFC Application

InternalName : ezSP_Px

OriginalFilename : ezSP_Px.EXE

ProductName : ezSP_Px Application

Created on : 02-Jul-03 8:38:04 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 20-Aug-02 2:29:26 AM

 

#:23 [redirect7.exe]

FilePath : C:\windows\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 56 KB

FileVersion : 1.00

ProductVersion : 1.00

CompanyName : ???

InternalName : redirect7

OriginalFilename : redirect7.exe

ProductName : Project1

Created on : 08-Mar-04 1:44:23 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 08-Mar-04 1:44:28 PM

 

#:24 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 96 KB

FileVersion : 6.5

ProductVersion : QuickTime 6.5

Copyright : ? Apple Computer, Inc. 2001-2004

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

OriginalFilename : QTTask.exe

ProductName : QuickTime

Created on : 29-May-03 6:35:14 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 26-Jan-04 2:10:22 PM

 

#:25 [msgplus.exe]

FilePath : C:\Program Files\Messenger Plus! 2\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 136 KB

FileVersion : 2, 54, 0, 74

ProductVersion : 2, 54, 0, 74

Copyright : Copyright © 2001-2003

CompanyName : Patchou

FileDescription : Messenger Plus!

InternalName : MsgPlus

OriginalFilename : MsgPlus.exe

ProductName : Messenger Plus! 2

Created on : 24-Feb-04 3:09:03 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 06-May-04 2:09:44 PM

 

#:26 [math balm soft.exe]

FilePath : C:\PROGRA~1\SPAMTH~1\

ThreadCreationTime : 13-Jul-04 2:10:58 PM

BasePriority : Normal

FileSize : 188 KB

Created on : 06-May-04 2:09:56 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 02-Jun-04 3:48:00 AM

 

#:27 [rundll32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:10:59 PM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

OriginalFilename : RUNDLL.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:28 [kazaalite.kpp]

FilePath : C:\My Files\Kazaa Lite\

ThreadCreationTime : 13-Jul-04 2:10:59 PM

BasePriority : Normal

FileSize : 2182 KB

Created on : 16-Jul-03 10:19:52 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 16-Jul-03 10:19:52 AM

 

#:29 [msnmsgr.exe]

FilePath : C:\Program Files\MSN Messenger\

ThreadCreationTime : 13-Jul-04 2:10:59 PM

BasePriority : Normal

FileSize : 4572 KB

FileVersion : 6.1.0211

ProductVersion : Version 6.1

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msnmsgr

OriginalFilename : msnmsgr.exe

ProductName : Messenger

Created on : 04-Mar-04 7:01:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 04-Mar-04 7:01:00 AM

 

#:30 [wzqkpick.exe]

FilePath : C:\Program Files\WinZip\

ThreadCreationTime : 13-Jul-04 2:11:00 PM

BasePriority : Normal

FileSize : 104 KB

FileVersion : 1.0 (32-bit)

ProductVersion : 8.1 (4319)

Copyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

OriginalFilename : WZQKPICK.EXE

ProductName : WinZip

Created on : 10-Sep-02 4:52:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 27-Nov-01 12:10:00 AM

 

#:31 [icq.exe]

FilePath : C:\Program Files\ICQ\

ThreadCreationTime : 13-Jul-04 2:11:02 PM

BasePriority : Normal

FileSize : 2006 KB

FileVersion : 2002a Beta

ProductVersion : 2002a Beta

Copyright : Copyright ? 1996 - 2002 ICQ Inc. All Rights Reserved.

CompanyName : ICQ Inc.

FileDescription : ICQ

InternalName : ICQ

OriginalFilename : ICQ.exe

ProductName : ICQ

Created on : 10-Sep-02 1:16:46 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Jun-02 10:22:56 PM

 

#:32 [avgserv.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG6\

ThreadCreationTime : 13-Jul-04 2:11:03 PM

BasePriority : Normal

FileSize : 20 KB

FileVersion : 6.0.1.9

ProductVersion : 6.0.1.9

Copyright : Copyright © GRISOFT© SOFTWARE 1998-2001

CompanyName : GRISOFT© SOFTWARE s.r.o

FileDescription : AvgServ - displays notification message

InternalName : AvgServ

OriginalFilename : AvgServ

ProductName : AVG6

Created on : 13-May-04 2:49:17 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-May-04 2:49:18 PM

 

#:33 [cdantsrv.exe]

FilePath : C:\WINDOWS\System32\DRIVERS\

ThreadCreationTime : 13-Jul-04 2:11:03 PM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 3.24.0

ProductVersion : 3.24.0 Windows NT 2001/07/03

Copyright : Copyright © Macrovision 1993-2001

CompanyName : C-Dilla Ltd

FileDescription : C-Dilla RTS Service

InternalName : CDANTSRV

OriginalFilename : CDANTSRV.EXE

ProductName : CD-Secure/CD-Compress Windows NT

Created on : 12-Dec-01 2:37:14 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 12-Dec-01 2:37:14 AM

 

#:34 [appservices.exe]

FilePath : C:\PROGRA~1\Iomega\System32\

ThreadCreationTime : 13-Jul-04 2:11:03 PM

BasePriority : Normal

FileSize : 72 KB

FileVersion : 2, 0, 1, 0

ProductVersion : 2, 0, 1, 0

Copyright : Copyright ? 2000

CompanyName : Iomega Corporation

FileDescription : AppServices

InternalName : AppServices

OriginalFilename : AppService.exe

ProductName : Iomega App Services

Created on : 24-Jan-02 2:37:20 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jan-02 11:49:38 PM

 

#:35 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 13-Jul-04 2:11:04 PM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

OriginalFilename : RUNDLL.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:36 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\

ThreadCreationTime : 13-Jul-04 2:11:08 PM

BasePriority : Normal

FileSize : 264 KB

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

Copyright : Copyright © Microsoft Corp. 1997-2000

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

OriginalFilename : mdm.exe

ProductName : Microsoft Development Environment

Created on : 23-Feb-01 2:07:30 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 23-Feb-01 2:07:30 AM

 

#:37 [nvsvc32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:11:09 PM

BasePriority : Normal

FileSize : 60 KB

FileVersion : 6.13.10.3082

ProductVersion : 6.13.10.3082

Copyright : © NVIDIA Corporation. All rights reserved.

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 30.82

InternalName : NVSVC

OriginalFilename : nvsvc32.exe

ProductName : NVIDIA Driver Helper Service, Version 30.82

Created on : 16-Jul-02 4:16:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 16-Jul-02 4:16:00 AM

 

#:38 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 13-Jul-04 2:11:11 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft? Windows? Operating System

Created on : 18-Aug-01 4:00:00 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Aug-01 4:00:00 AM

 

#:39 [adservice.exe]

FilePath : C:\Program Files\Iomega\AutoDisk\

ThreadCreationTime : 13-Jul-04 2:11:11 PM

BasePriority : Normal

FileSize : 124 KB

FileVersion : 3,0,0,7

ProductVersion : 3,0,0,7

Copyright : Copyright ? 2001

CompanyName : Iomega Corporation

FileDescription : Active Disk Service

InternalName : ADService

OriginalFilename : ADService.exe

ProductName : Iomega Active Disk

Created on : 24-Jan-02 8:10:39 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 24-Jan-02 8:10:40 AM

 

#:40 [rnathchk.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 13-Jul-04 2:30:59 PM

BasePriority : Normal

FileSize : 56 KB

FileVersion : 7.0.0.1176

ProductVersion : 7.0.0.1176

Copyright : Copyright ? RealNetworks, Inc. 1995-2002

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks ATH Check App

InternalName : rnathchk

OriginalFilename : rnathchk.EXE

ProductName : RealOne Player (32-bit)

Created on : 14-Sep-02 5:36:46 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 30-Mar-03 7:28:56 PM

 

#:41 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 13-Jul-04 2:52:39 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 06-Oct-02 2:12:17 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 28-Aug-02 7:41:26 PM

 

#:42 [ad-aware.exe]

FilePath : H:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 13-Jul-04 3:14:07 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright ? Lavasoft Sweden

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 13-Jul-04 3:13:51 PM

Last accessed : 13-Jul-04 3:13:51 PM

Last modified : 12-Jul-03 2:00:20 PM

 

#:43 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 13-Jul-04 3:14:50 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : ? Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft? Windows? Operating System

Created on : 06-Oct-02 2:12:17 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 28-Aug-02 7:41:26 PM

 

Memory scan result :



New objects : 0

Objects found so far: 0

 

 

Started registry scan



 

istbar.dotcomToolbar Object recognized!

Type : RegKey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CURRENT_USER

Object : Software\DotComToolbar

 

 

istbar.dotcomToolbar Object recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "redirect"

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : redirect

 

 

UKVideo2 Dialer Object recognized!

Type : RegValue

Data :

Category : Malware

Comment : UKVideo2

Rootkey : HKEY_CURRENT_USER

Object : SOFTWARE\Comsoft

Value : ClientID

 

 

Registry scan result :



New objects : 3

Objects found so far: 3

 

 

Started deep registry scan



Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Search_URL

Data : "about:blank"

 

 

Deep registry scan result :



New objects : 1

Objects found so far: 4

 

 

Deep scanning and examining files (C:)



 

istbar.dotcomToolbar Object recognized!

Type : File

Data : redirect5.exe

Category : Data Miner

Comment :

Object : C:\WINDOWS\

FileSize : 36 KB

FileVersion : 1.00

ProductVersion : 1.00

CompanyName : ???

InternalName : redirect5

OriginalFilename : redirect5.exe

ProductName : Project1

Created on : 01-Jan-04 7:09:51 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 26-Jan-04 1:48:52 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@hitbox[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 2:45:44 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 5:37:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@ehg-dig.hitbox[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

FileSize : 1 KB

Created on : 05-Mar-04 5:37:30 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 5:37:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@adrevolver[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 05-Mar-04 4:40:24 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 4:44:34 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@atdmt[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 4:46:26 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@servedby.advertising[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 4:46:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@advertising[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 4:46:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@redeye.willhill[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 3:10:22 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:00:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@tribalfusion[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 5:01:03 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:01:04 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@revenue[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

 

Created on : 14-Jan-04 5:07:30 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:07:32 PM

 

 

 

Lop Object recognized!

Type : File

Data : pch15f.exe

Category : Malware

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\

FileSize : 228 KB

Created on : 15-May-04 7:37:20 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 15-May-04 7:37:22 AM

 

 

 

Lop Object recognized!

Type : File

Data : rem165.exe

Category : Malware

Comment :

Object : C:\Documents and Settings\ctx\Local Settings\Temp\

FileSize : 231 KB

Created on : 06-May-04 2:09:53 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 06-May-04 2:09:54 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@tribalfusion[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 13-Jul-04 3:15:33 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jul-04 3:15:34 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@statcounter[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 26-May-04 4:50:55 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 26-May-04 4:50:56 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@cgi-bin[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 01-Jul-04 3:20:43 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 01-Jul-04 3:20:44 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@cgi-bin[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 20-Jun-04 5:39:35 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 20-Jun-04 5:39:36 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@adrevolver[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 29-Jun-04 3:05:14 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 29-Jun-04 3:07:10 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@promo.match[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 12-Jul-04 2:08:31 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 12-Jul-04 2:08:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@lop[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 13-Jul-04 3:14:55 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jul-04 3:14:56 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@revenue[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 13-Jul-04 3:14:55 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jul-04 3:15:00 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@realmedia[1].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 13-Jul-04 3:15:33 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jul-04 3:15:34 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@redeye.willhill[2].txt

Category : Data Miner

Comment :

Object : C:\Documents and Settings\ctx\Cookies\

 

Created on : 29-Jun-04 2:15:37 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 29-Jun-04 2:15:38 PM

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : archive.jar-14e4bd35-2eaaa39f.zip

Category : Malware

Comment : Object "BlackBox.class" found in this archive.

Object : C:\Documents and Settings\ctx\.jpi_cache\jar\1.0\

FileSize : 28 KB

Created on : 22-Jun-03 5:40:26 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 22-Jun-03 5:40:28 PM

 

 

Object "BlackBox.class" found in this archive.

 

CoolWebSearch Object recognized!

Type : File

Data : archive.jar-27b6d965-40bd8692.zip

Category : Malware

Comment : Object "BlackBox.class" found in this archive.

Object : C:\Documents and Settings\ctx\.jpi_cache\jar\1.0\

FileSize : 28 KB

Created on : 01-Jan-04 7:09:30 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 01-Jan-04 7:09:32 AM

 

 

Object "BlackBox.class" found in this archive.

 

Lop Object recognized!

Type : File

Data : 16029.exe

Category : Malware

Comment :

Object : C:\Program Files\Loud type\

FileSize : 55 KB

Created on : 02-Jun-04 3:48:09 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 02-Jun-04 3:48:10 AM

 

 

 

Lop Object recognized!

Type : File

Data : 16449.exe

Category : Malware

Comment :

Object : C:\Program Files\Loud type\

FileSize : 55 KB

Created on : 13-Jun-04 1:56:28 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 13-Jun-04 1:56:30 PM

 

 

 

Lop Object recognized!

Type : File

Data : a0915932.exe

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 244 KB

Created on : 24-Feb-04 3:09:47 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 24-Feb-04 3:15:52 PM

 

 

 

Lop Object recognized!

Type : File

Data : a0915933.dll

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 32 KB

Created on : 24-Feb-04 3:15:44 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 24-Feb-04 3:15:46 PM

 

 

 

VX2 Object recognized!

Type : File

Data : a0915934.ini

Category : Data Miner

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 224 KB

Created on : 25-Apr-04 12:51:04 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 12-Dec-03 12:45:14 AM

 

 

 

VX2 Object recognized!

Type : File

Data : a0915938.dll

Category : Data Miner

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 136 KB

FileVersion : 0, 1, 4, 19

ProductVersion : 0, 1, 4, 19

Copyright : Copyright ? 2003

CompanyName : Twain Tech

FileDescription : www.twain-tech.com

InternalName : Twaintec

OriginalFilename : Twaintec.dll

ProductName : Twaintec

Created on : 25-Apr-04 12:48:13 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 11-Feb-04 9:30:52 AM

 

 

 

VX2 Object recognized!

Type : File

Data : a0915939.exe

Category : Data Miner

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 32 KB

Created on : 25-Apr-04 12:48:13 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 11-Feb-04 9:30:50 AM

 

 

 

Lop Object recognized!

Type : File

Data : a0915941.exe

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 58 KB

Created on : 15-May-04 7:37:12 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 15-May-04 7:37:14 AM

 

 

 

VX2 Object recognized!

Type : File

Data : a0916010.exe

Category : Data Miner

Comment :

Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\

FileSize : 170 KB

Created on : 25-Apr-04 12:48:03 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 25-Apr-04 12:48:08 PM

 

 

 

Disk scan result for C:\



New objects : 0

Objects found so far: 37

 

 

Deep scanning and examining files (D:)



 

Disk scan result for D:\



New objects : 0

Objects found so far: 37

 

 

Deep scanning and examining files (H:)



 

Disk scan result for H:\



New objects : 0

Objects found so far: 37

 

Possible Browser Hijack attempt Object recognized!

Type : File

Data : free aol & unlimited internet.url

Category : Misc

Comment : Item referrs to blacklisted Site: http://free.aol.com/tryaolfree/index.adp?350218

Object : C:\Documents and Settings\ctx\Favorites\Links\

 

Created on : 30-Mar-03 7:29:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 30-Mar-03 7:29:28 PM

 

 

 

 

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)



 

Hosts file scan result:



1 entries scanned.

New objects :0

Objects found so far: 38

 

 

 

 

Performing conditional scans..



 

istbar.dotcomToolbar Object recognized!

Type : File

Data : redirect7.exe

Category : Data Miner

Comment :

Object : c:\windows\

FileSize : 56 KB

FileVersion : 1.00

ProductVersion : 1.00

CompanyName : ???

InternalName : redirect7

OriginalFilename : redirect7.exe

ProductName : Project1

Created on : 08-Mar-04 1:44:23 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 08-Mar-04 1:44:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@hitbox[1].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 2:45:44 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 5:37:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@ehg-dig.hitbox[2].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

FileSize : 1 KB

Created on : 05-Mar-04 5:37:30 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 5:37:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@adrevolver[2].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 05-Mar-04 4:40:24 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 05-Mar-04 4:44:34 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@atdmt[1].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 4:46:26 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@servedby.advertising[1].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 4:46:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@advertising[1].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 4:46:27 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 4:46:28 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@redeye.willhill[2].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 3:10:22 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:00:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@tribalfusion[1].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 5:01:03 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:01:04 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : ctx@revenue[2].txt

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\Cookies\

 

Created on : 14-Jan-04 5:07:30 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 14-Jan-04 5:07:32 PM

 

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

Value : ITBarLayout

 

 

CoolWebSearch Object recognized!

Type : File

Data : hosts

Category : Malware

Comment :

Object : c:\windows\

 

Created on : 01-Jan-04 7:09:50 AM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 18-Apr-04 10:36:52 PM

 

 

 

VX2 Object recognized!

Type : File

Data : bit16b.tmp

Category : Data Miner

Comment :

Object : c:\docume~1\ctx\locals~1\temp\

FileSize : 5122 KB

FileVersion : 4.71.1015.0

ProductVersion : 4.71.1015.0

Copyright : Copyright © Microsoft Corp. 1995

CompanyName : Microsoft Corporation

FileDescription : Win32 Cabinet Self-Extractor

InternalName : Wextract

OriginalFilename : WEXTRACT.EXE

ProductName : Microsoft® Windows NT® Operating System

Created on : 01-Jun-04 5:52:40 PM

Last accessed : 12-Jul-04 4:00:00 PM

Last modified : 01-Jun-04 5:52:40 PM

 

 

 

Conditional scan result:



New objects : 13

Objects found so far: 51

 

 

11:30:35 PM Scan complete

 

Summary of this scan



Total scanning time :00:11:58:234

Objects scanned :188570

Objects identified :51

Objects ignored :0

New objects :51


There is this website, searchweb2.com, that keeps hijacking my homepage... if not for Spy Sweeper I will have to keep reloading my homepage.


This is the log for HijackThis after the adware scan:

 

 

Logfile of HijackThis v1.98.0

Scan saved at 12:52:55 AM, on 15-Jul-04

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\TrayIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Customizer XP\RAMIdle.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\rundll32.exe

C:\My Files\Kazaa Lite\KazaaLite.kpp

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\ICQ\ICQ.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

H:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab


When you ran Ad-Aware, did you let it quarantine and remove the objects it found?


Quoting dolphins:

The following are all part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word.

 

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

Tick and fix those if not actually using them. However, you seem to have other Japanese-related things, so they are probably needed.

 

Fix. You don't need AOL to be in your trusted zone.

O15 - Trusted Zone: http://free.aol.com

 

Fix this.

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

 

I don't see any hijack. Will ask an Expert to have a look.


TonyKlein points out that you have lop.

Tick and fix this one:

O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

 

Reboot.

 

Do Start->Run and enter cmd

In the DOS window that opens, enter deltree /y C:\PROGRA~1\SPAMTH~1\

to delete that whole folder.


Here is the Logfile from hijack this after doing what u hv said... but i encountered a problem while doing the CMD command that says :: " 'deltree' is not recognised as an internal or external command, operable program or batch file"

 

hey i would like to thank u for helping me once again :) really appreciate it ^^

 

 

Logfile of HijackThis v1.98.0

Scan saved at 1:27:33 AM, on 20-Jul-04

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\TrayIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Customizer XP\RAMIdle.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\rundll32.exe

C:\My Files\Kazaa Lite\KazaaLite.kpp

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\ICQ\ICQ.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\System32\conime.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

H:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/combat_medic/CMonline.dll

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28177.cab

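Comparing the scan taken before the fixes with the one saved on 20-Jul-04 shows whether the ticked entries are really gone. The sketch below is an added example, not part of any post in this thread; it uses a few lines excerpted from the two logs above, and the function names are hypothetical.

```python
import re

# A few lines excerpted from the two HijackThis logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
"""
AFTER = r"""
Running processes:
C:\WINDOWS\System32\conime.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d)\s+-\s+(.+)$")

def parse_entries(log_text):
    """Map a normalized (section, detail) key to the original entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        # Windows paths and value names are case-insensitive; collapse spacing too.
        detail = " ".join(m.group(2).split()).lower()
        entries[(m.group(1), detail)] = line
    return entries

def diff_scans(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added

def still_present(log_text, flagged):
    """Return the flagged substrings that still occur in some entry of the log."""
    details = [detail for _, detail in parse_entries(log_text)]
    return [s for s in flagged if any(s.lower() in d for d in details)]

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    print("still present:", still_present(AFTER, ["SPAMTH~1", "free.aol.com", "npx.cab"]))
```

An entry that shows up under "added" after a cleanup deserves the same scrutiny as the original findings, since reinstalling components re-create their Run keys.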

In Explorer (My Computer) go to c:\Program Files. Look for a folder whose name begins with "Spamth" - see if you can delete it.

 

Does your hijack problem seem to be fixed?


it seems ok so far :)

 

i have managed to delete the spamth, the name for the folder was "spamthatteam" it contained a program tt was removed earlier so i removed it :)

 

 

really appreciate all the help u had given :) thx lots ! ^^


Glad we could help, Dostalgia. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.