mysearchnow + dotcomtoolbar


20 replies to this topic

#1 Dostalgia

Dostalgia

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 09 July 2004 - 10:15 AM

I have this problem with mysearchnow and www.dotcomtoolbar.com tt keeps changing my homepage to some other shitz like searchnow2.com or searchweb2.com...

and the worst thing is... i think i have sooo much spyware tt the spyware are "challenging" one another to replace my damn homepage!

#2 Dostalgia


Posted 09 July 2004 - 10:29 AM

Logfile of HijackThis v1.98.0
Scan saved at 11:52:59 PM, on 09-Jul-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\windows\redirect7.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
C:\WINDOWS\System32\msstart.exe
C:\WINDOWS\System32\rundll32.exe
C:\My Files\Kazaa Lite\KazaaLite.kpp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Winamp\winamp.exe
D:\My Files\mirc\mirc32.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\My Files\mirc5.8\Mirc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Borepingfast - {E9C74B0E-EF33-D7DE-0DBC-AC0EC2CA3A83} - C:\PROGRA~1\LOUDTY~1\corn stop.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyo...m/joyonpack.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...c/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave...ic/CMonline.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab

Edited by Dostalgia, 09 July 2004 - 10:53 AM.


#3 Dostalgia


Posted 09 July 2004 - 10:46 AM

i forgot to add... that there is this Chinese URL tt keeps popping up from time to time as well..

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 09 July 2004 - 11:06 AM

Tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked". Then Reboot.

O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab

this one is optional - harmless resource hog -
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

After fix and reboot, delete these files:
C:\windows\easywww2.exe
C:\WINDOWS\System32\msstart.exe

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 Dostalgia


Posted 09 July 2004 - 11:30 AM

here is the log after doing what u had posted ::


Logfile of HijackThis v1.98.0
Scan saved at 12:29:58 AM, on 10-Jul-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\windows\redirect7.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
C:\WINDOWS\System32\rundll32.exe
C:\My Files\Kazaa Lite\KazaaLite.kpp
C:\Program Files\ICQ\ICQ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\My Files\mirc\mirc32.exe
D:\My Files\mirc5.8\Mirc32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Borepingfast - {E9C74B0E-EF33-D7DE-0DBC-AC0EC2CA3A83} - C:\PROGRA~1\LOUDTY~1\corn stop.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyo...m/joyonpack.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...c/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave...ic/CMonline.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
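
Added example (not part of the original thread): one way to check whether the entries listed in post #4 actually disappeared between the HijackThis log in post #2 and the one in post #5. The log excerpts are copied from those two posts and trimmed to a few lines; the function names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^\s*((?:O\d{1,2}|[RFN]\d)) - (.+?)\s*$")

# Excerpt of the log in post #2 (before the fix), trimmed for this example.
BEFORE = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
"""

# Excerpt of the log in post #5 (after "Fix checked" and reboot), trimmed likewise.
AFTER = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
"""

# The entries post #4 asked to tick (including the optional one).
FIX_LIST = r"""
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [msstart] C:\WINDOWS\System32\msstart.exe
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


def normalize(line):
    """Collapse whitespace and ignore case: Windows paths are case-insensitive
    and forum pasting often changes spacing."""
    return re.sub(r"\s+", " ", line.strip()).casefold()


def parse_entries(log_text):
    """Return {normalized entry: original line} for every entry line in a log.
    Header lines and the running-process list do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        if ENTRY_RE.match(raw):
            entries[normalize(raw)] = raw.strip()
    return entries


def check_fix(before_log, after_log, fix_list):
    """Classify each entry of the fix list by what happened to it."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for raw in fix_list.splitlines():
        if not ENTRY_RE.match(raw):
            continue
        key = normalize(raw)
        if key not in before:
            report["not_in_before"].append(raw.strip())  # typo in the fix list?
        elif key in after:
            report["still_present"].append(raw.strip())  # fix did not stick
        else:
            report["removed"].append(raw.strip())
    return report


def new_entries(before_log, after_log):
    """Entries that appear only in the later log (something re-registered itself)."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return [line for key, line in after.items() if key not in before]


if __name__ == "__main__":
    result = check_fix(BEFORE, AFTER, FIX_LIST)
    for status, lines in result.items():
        for line in lines:
            print(f"{status:14} {line}")
    for line in new_entries(BEFORE, AFTER):
        print(f"{'new':14} {line}")
```

Run against these excerpts, the O16 NPX Control entry is reported as still present in the second log, while the two O4 Run entries and the Office startup link are gone.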

#6 Dostalgia


Posted 12 July 2004 - 11:00 AM

can any1 help? iz not fixed yet :/

#7 cnm


Posted 12 July 2004 - 11:15 AM

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window
  • In the General window make sure the following are selected:
    • Automatically save log-file
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
  • Click on the Scanning button on the left and select:
    • Scan Within Archives
    • Scan Active Processes
    • Scan Registry
    • Deep Scan Registry
    • Scan my IE favorites for banned URL’s
    • Scan my Hosts file
    • Under Click here to select drives + folders, choose:
    • All of your hard drives
Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page, and then choose:
  • Use Custom Scanning Options
Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.



#8 Dostalgia


Posted 13 July 2004 - 10:58 AM

thx for ur help... but then again there is URL tt keep hijacking my homepage even after trying wad u mentioned!


the URL is : www.searchweb2.com...


sigh :/

#9 cnm


Posted 13 July 2004 - 11:02 AM

Please post a new log now that you have done the Ad-Aware fixes and rebooted.



#10 Dostalgia


Posted 14 July 2004 - 11:50 AM

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :13 July, 2004 11:18:36 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R332 12.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R217 08.09.2003
Internal build : 107
File location : H:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 574398 Bytes
Signature data size : 563299 Bytes
Reference data size : 11035 Bytes
Signatures total : 12937
Target categories : 10
Target families : 267
13-Jul-04 11:15:16 PM Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R332 12.07.2004
Internal build : 264
File location : H:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1304680 Bytes
Signature data size : 1283888 Bytes
Reference data size : 20728 Bytes
Signatures total : 28484
Target categories : 10
Target families : 520

13-Jul-04 11:15:32 PM Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:69 %
Total physical memory:785904 kb
Available physical memory:534844 kb
Total page file size:1137576 kb
Available on page file:900724 kb
Total virtual memory:2097024 kb
Available virtual memory:2028908 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


13-Jul-04 11:18:37 PM - Scan started. (Custom mode)

Listing running processes


#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 13-Jul-04 2:10:46 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:52 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:52 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:52 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 28-Aug-02 7:41:26 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:52 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:52 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:53 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:55 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 13-Jul-04 2:10:56 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 06-Oct-02 2:11:31 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 28-Aug-02 7:41:24 PM

#:11 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:56 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 06-Oct-02 2:11:08 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 28-Aug-02 7:41:22 PM

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:10:56 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:13 [trayicon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:57 PM
BasePriority : Normal
FileSize : 144 KB
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
Copyright : Copyright © 2001 ABIT Computer Corporation
FileDescription : Display Tray Icon Application
InternalName : DisplayTrayIcon
OriginalFilename : TrayIcon.EXE
ProductName : ABIT Siluro Display Card DisplayTrayIcon Application
Created on : 09-Sep-02 6:47:05 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 16-Oct-01 10:27:40 PM

#:14 [soundman.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 13-Jul-04 2:10:57 PM
BasePriority : Normal
FileSize : 45 KB
FileVersion : 5.0
ProductVersion : 5.0
Copyright : Copyright © 2001 Avance Logic, Inc.
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
OriginalFilename : ALSMTray.exe
ProductName : Avance Sound Manager
Created on : 09-Sep-02 7:02:02 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 20-Mar-02 11:23:32 AM

#:15 [avgcc32.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG6\
ThreadCreationTime : 13-Jul-04 2:10:57 PM
BasePriority : Normal
FileSize : 337 KB
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
Copyright : Copyright ? 2003 GRISOFT s.r.o.
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
OriginalFilename : AvgCC32.EXE
ProductName : AVG Anti-Virus System
Created on : 13-May-04 2:49:17 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-May-04 2:49:18 PM

#:16 [ramidle.exe]
FilePath : C:\Program Files\Customizer XP\
ThreadCreationTime : 13-Jul-04 2:10:57 PM
BasePriority : Normal
FileSize : 102 KB
Created on : 10-Jun-02 12:11:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 10-Jun-02 12:11:28 PM

#:17 [adusermon.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 3,0,0,7
ProductVersion : 3,0,0,7
Copyright : Copyright ? 2001
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
OriginalFilename : ADUserMon.exe
ProductName : Iomega Active Disk
Created on : 24-Jan-02 8:11:16 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 24-Jan-02 8:11:18 AM

#:18 [imgicon.exe]
FilePath : C:\Program Files\Iomega\DriveIcons\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 6, 3, 0, 33
ProductVersion : 6, 3, 0, 33
Copyright : 6.3, Copyright ? 2001 Iomega Corporation
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
OriginalFilename : IMGICON.exe
ProductName : Iomega Corp. IMGICON 6.3
Created on : 20-Nov-01 2:33:30 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 20-Nov-01 3:08:56 AM

#:19 [incd.exe]
FilePath : C:\Program Files\ahead\InCD\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 1012 KB
FileVersion : 3.31.0
ProductVersion : 3.31.0
Copyright : Copyright © ahead software gmbh and its licensors
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
OriginalFilename : InCD.EXE
ProductName : InCD
Created on : 10-Sep-02 9:01:42 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 10-Sep-02 9:01:38 AM

#:20 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright ? RealNetworks, Inc. 1995-2002
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 14-Sep-02 5:36:46 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 30-Mar-03 7:28:56 PM

#:21 [amoumain.exe]
FilePath : C:\PROGRA~1\A4Tech\Mouse\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 144 KB
FileVersion : 7.42.0.0
ProductVersion : 7.42.0.0
Copyright : Copyright ? A4Tech Co.,Ltd. 1999-2003
CompanyName : A4Tech Co.,Ltd.
FileDescription : Amoumain
InternalName : Amoumain
OriginalFilename : Amoumain.exe
ProductName : A4Tech iWheelWorks Mouse Driver
Created on : 17-Jul-03 4:53:16 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 17-Jul-03 4:53:16 PM

#:22 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 40 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright © 2002 Easy Systems Japan Ltd.
CompanyName : Easy Systems Japan Ltd.
FileDescription : ezSP_Px MFC Application
InternalName : ezSP_Px
OriginalFilename : ezSP_Px.EXE
ProductName : ezSP_Px Application
Created on : 02-Jul-03 8:38:04 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 20-Aug-02 2:29:26 AM

#:23 [redirect7.exe]
FilePath : C:\windows\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : ???
InternalName : redirect7
OriginalFilename : redirect7.exe
ProductName : Project1
Created on : 08-Mar-04 1:44:23 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 08-Mar-04 1:44:28 PM

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 96 KB
FileVersion : 6.5
ProductVersion : QuickTime 6.5
Copyright : ? Apple Computer, Inc. 2001-2004
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 29-May-03 6:35:14 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 26-Jan-04 2:10:22 PM

#:25 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 2\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 136 KB
FileVersion : 2, 54, 0, 74
ProductVersion : 2, 54, 0, 74
Copyright : Copyright © 2001-2003
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 2
Created on : 24-Feb-04 3:09:03 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 06-May-04 2:09:44 PM

#:26 [math balm soft.exe]
FilePath : C:\PROGRA~1\SPAMTH~1\
ThreadCreationTime : 13-Jul-04 2:10:58 PM
BasePriority : Normal
FileSize : 188 KB
Created on : 06-May-04 2:09:56 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 02-Jun-04 3:48:00 AM

#:27 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:10:59 PM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:28 [kazaalite.kpp]
FilePath : C:\My Files\Kazaa Lite\
ThreadCreationTime : 13-Jul-04 2:10:59 PM
BasePriority : Normal
FileSize : 2182 KB
Created on : 16-Jul-03 10:19:52 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 16-Jul-03 10:19:52 AM

#:29 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 13-Jul-04 2:10:59 PM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04-Mar-04 7:01:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 04-Mar-04 7:01:00 AM

#:30 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ThreadCreationTime : 13-Jul-04 2:11:00 PM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
Copyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
OriginalFilename : WZQKPICK.EXE
ProductName : WinZip
Created on : 10-Sep-02 4:52:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 27-Nov-01 12:10:00 AM

#:31 [icq.exe]
FilePath : C:\Program Files\ICQ\
ThreadCreationTime : 13-Jul-04 2:11:02 PM
BasePriority : Normal
FileSize : 2006 KB
FileVersion : 2002a Beta
ProductVersion : 2002a Beta
Copyright : Copyright ? 1996 - 2002 ICQ Inc. All Rights Reserved.
CompanyName : ICQ Inc.
FileDescription : ICQ
InternalName : ICQ
OriginalFilename : ICQ.exe
ProductName : ICQ
Created on : 10-Sep-02 1:16:46 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Jun-02 10:22:56 PM

#:32 [avgserv.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG6\
ThreadCreationTime : 13-Jul-04 2:11:03 PM
BasePriority : Normal
FileSize : 20 KB
FileVersion : 6.0.1.9
ProductVersion : 6.0.1.9
Copyright : Copyright © GRISOFT© SOFTWARE 1998-2001
CompanyName : GRISOFT© SOFTWARE s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
OriginalFilename : AvgServ
ProductName : AVG6
Created on : 13-May-04 2:49:17 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-May-04 2:49:18 PM

#:33 [cdantsrv.exe]
FilePath : C:\WINDOWS\System32\DRIVERS\
ThreadCreationTime : 13-Jul-04 2:11:03 PM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 3.24.0
ProductVersion : 3.24.0 Windows NT 2001/07/03
Copyright : Copyright © Macrovision 1993-2001
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
OriginalFilename : CDANTSRV.EXE
ProductName : CD-Secure/CD-Compress Windows NT
Created on : 12-Dec-01 2:37:14 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 12-Dec-01 2:37:14 AM

#:34 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ThreadCreationTime : 13-Jul-04 2:11:03 PM
BasePriority : Normal
FileSize : 72 KB
FileVersion : 2, 0, 1, 0
ProductVersion : 2, 0, 1, 0
Copyright : Copyright ? 2000
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
OriginalFilename : AppService.exe
ProductName : Iomega App Services
Created on : 24-Jan-02 2:37:20 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jan-02 11:49:38 PM

#:35 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 13-Jul-04 2:11:04 PM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:36 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 13-Jul-04 2:11:08 PM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright © Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 23-Feb-01 2:07:30 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 23-Feb-01 2:07:30 AM

#:37 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:11:09 PM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.3082
ProductVersion : 6.13.10.3082
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 30.82
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 30.82
Created on : 16-Jul-02 4:16:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 16-Jul-02 4:16:00 AM

#:38 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 13-Jul-04 2:11:11 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft? Windows? Operating System
Created on : 18-Aug-01 4:00:00 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Aug-01 4:00:00 AM

#:39 [adservice.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ThreadCreationTime : 13-Jul-04 2:11:11 PM
BasePriority : Normal
FileSize : 124 KB
FileVersion : 3,0,0,7
ProductVersion : 3,0,0,7
Copyright : Copyright ? 2001
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
OriginalFilename : ADService.exe
ProductName : Iomega Active Disk
Created on : 24-Jan-02 8:10:39 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 24-Jan-02 8:10:40 AM

#:40 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 13-Jul-04 2:30:59 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
Copyright : Copyright ? RealNetworks, Inc. 1995-2002
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
OriginalFilename : rnathchk.EXE
ProductName : RealOne Player (32-bit)
Created on : 14-Sep-02 5:36:46 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 30-Mar-03 7:28:56 PM

#:41 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 13-Jul-04 2:52:39 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 06-Oct-02 2:12:17 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 28-Aug-02 7:41:26 PM

#:42 [ad-aware.exe]
FilePath : H:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 13-Jul-04 3:14:07 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright ? Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 13-Jul-04 3:13:51 PM
Last accessed : 13-Jul-04 3:13:51 PM
Last modified : 12-Jul-03 2:00:20 PM

#:43 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 13-Jul-04 3:14:50 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
Copyright : ? Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft? Windows? Operating System
Created on : 06-Oct-02 2:12:17 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 28-Aug-02 7:41:26 PM

Memory scan result :

New objects : 0
Objects found so far: 0


Started registry scan


istbar.dotcomToolbar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\DotComToolbar


istbar.dotcomToolbar Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "redirect"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : redirect


UKVideo2 Dialer Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : UKVideo2
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\Comsoft
Value : ClientID


Registry scan result :

New objects : 3
Objects found so far: 3


Started deep registry scan

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Malware
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "about:blank"


Deep registry scan result :

New objects : 1
Objects found so far: 4


Deep scanning and examining files (C:)


istbar.dotcomToolbar Object recognized!
Type : File
Data : redirect5.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 36 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : ???
InternalName : redirect5
OriginalFilename : redirect5.exe
ProductName : Project1
Created on : 01-Jan-04 7:09:51 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 26-Jan-04 1:48:52 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 2:45:44 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 5:37:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\
FileSize : 1 KB
Created on : 05-Mar-04 5:37:30 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 5:37:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@adrevolver[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 05-Mar-04 4:40:24 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 4:44:34 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@atdmt[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 4:46:26 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 4:46:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 4:46:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@redeye.willhill[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 3:10:22 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:00:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@tribalfusion[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 5:01:03 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:01:04 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@revenue[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\Cookies\

Created on : 14-Jan-04 5:07:30 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:07:32 PM



Lop Object recognized!
Type : File
Data : pch15f.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\
FileSize : 228 KB
Created on : 15-May-04 7:37:20 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 15-May-04 7:37:22 AM



Lop Object recognized!
Type : File
Data : rem165.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\ctx\Local Settings\Temp\
FileSize : 231 KB
Created on : 06-May-04 2:09:53 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 06-May-04 2:09:54 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@tribalfusion[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 13-Jul-04 3:15:33 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jul-04 3:15:34 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@statcounter[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 26-May-04 4:50:55 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 26-May-04 4:50:56 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@cgi-bin[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 01-Jul-04 3:20:43 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 01-Jul-04 3:20:44 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 20-Jun-04 5:39:35 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 20-Jun-04 5:39:36 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@adrevolver[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 29-Jun-04 3:05:14 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 29-Jun-04 3:07:10 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@promo.match[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 12-Jul-04 2:08:31 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 12-Jul-04 2:08:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@lop[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 13-Jul-04 3:14:55 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jul-04 3:14:56 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@revenue[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 13-Jul-04 3:14:55 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jul-04 3:15:00 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@realmedia[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 13-Jul-04 3:15:33 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jul-04 3:15:34 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@redeye.willhill[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\ctx\Cookies\

Created on : 29-Jun-04 2:15:37 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 29-Jun-04 2:15:38 PM



CoolWebSearch Object recognized!
Type : File
Data : archive.jar-14e4bd35-2eaaa39f.zip
Category : Malware
Comment : Object "BlackBox.class" found in this archive.
Object : C:\Documents and Settings\ctx\.jpi_cache\jar\1.0\
FileSize : 28 KB
Created on : 22-Jun-03 5:40:26 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 22-Jun-03 5:40:28 PM


Object "BlackBox.class" found in this archive.

CoolWebSearch Object recognized!
Type : File
Data : archive.jar-27b6d965-40bd8692.zip
Category : Malware
Comment : Object "BlackBox.class" found in this archive.
Object : C:\Documents and Settings\ctx\.jpi_cache\jar\1.0\
FileSize : 28 KB
Created on : 01-Jan-04 7:09:30 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 01-Jan-04 7:09:32 AM


Object "BlackBox.class" found in this archive.

Lop Object recognized!
Type : File
Data : 16029.exe
Category : Malware
Comment :
Object : C:\Program Files\Loud type\
FileSize : 55 KB
Created on : 02-Jun-04 3:48:09 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 02-Jun-04 3:48:10 AM



Lop Object recognized!
Type : File
Data : 16449.exe
Category : Malware
Comment :
Object : C:\Program Files\Loud type\
FileSize : 55 KB
Created on : 13-Jun-04 1:56:28 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 13-Jun-04 1:56:30 PM



Lop Object recognized!
Type : File
Data : a0915932.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 244 KB
Created on : 24-Feb-04 3:09:47 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 24-Feb-04 3:15:52 PM



Lop Object recognized!
Type : File
Data : a0915933.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 32 KB
Created on : 24-Feb-04 3:15:44 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 24-Feb-04 3:15:46 PM



VX2 Object recognized!
Type : File
Data : a0915934.ini
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 224 KB
Created on : 25-Apr-04 12:51:04 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 12-Dec-03 12:45:14 AM



VX2 Object recognized!
Type : File
Data : a0915938.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 136 KB
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
Copyright : Copyright ? 2003
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
OriginalFilename : Twaintec.dll
ProductName : Twaintec
Created on : 25-Apr-04 12:48:13 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 11-Feb-04 9:30:52 AM



VX2 Object recognized!
Type : File
Data : a0915939.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 32 KB
Created on : 25-Apr-04 12:48:13 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 11-Feb-04 9:30:50 AM



Lop Object recognized!
Type : File
Data : a0915941.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 58 KB
Created on : 15-May-04 7:37:12 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 15-May-04 7:37:14 AM



VX2 Object recognized!
Type : File
Data : a0916010.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E070D6B4-109E-4FCA-88B2-628E1C2DD73D}\RP417\
FileSize : 170 KB
Created on : 25-Apr-04 12:48:03 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 25-Apr-04 12:48:08 PM



Disk scan result for C:\

New objects : 0
Objects found so far: 37


Deep scanning and examining files (D:)


Disk scan result for D:\

New objects : 0
Objects found so far: 37


Deep scanning and examining files (H:)


Disk scan result for H:\

New objects : 0
Objects found so far: 37

Possible Browser Hijack attempt Object recognized!
Type : File
Data : free aol & unlimited internet.url
Category : Misc
Comment : Item referrs to blacklisted Site: http://free.aol.com/...ndex.adp?350218
Object : C:\Documents and Settings\ctx\Favorites\Links\

Created on : 30-Mar-03 7:29:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 30-Mar-03 7:29:28 PM




Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)


Hosts file scan result:

1 entries scanned.
New objects :0
Objects found so far: 38




Performing conditional scans..


istbar.dotcomToolbar Object recognized!
Type : File
Data : redirect7.exe
Category : Data Miner
Comment :
Object : c:\windows\
FileSize : 56 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : ???
InternalName : redirect7
OriginalFilename : redirect7.exe
ProductName : Project1
Created on : 08-Mar-04 1:44:23 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 08-Mar-04 1:44:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@hitbox[1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 2:45:44 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 5:37:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\
FileSize : 1 KB
Created on : 05-Mar-04 5:37:30 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 5:37:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@adrevolver[2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 05-Mar-04 4:40:24 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 05-Mar-04 4:44:34 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@atdmt[1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 4:46:26 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 4:46:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@advertising[1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 4:46:27 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 4:46:28 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@redeye.willhill[2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 3:10:22 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:00:32 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@tribalfusion[1].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 5:01:03 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:01:04 PM



Tracking Cookie Object recognized!
Type : File
Data : ctx@revenue[2].txt
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\Cookies\

Created on : 14-Jan-04 5:07:30 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 14-Jan-04 5:07:32 PM



CoolWebSearch Object recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout


CoolWebSearch Object recognized!
Type : File
Data : hosts
Category : Malware
Comment :
Object : c:\windows\

Created on : 01-Jan-04 7:09:50 AM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 18-Apr-04 10:36:52 PM



VX2 Object recognized!
Type : File
Data : bit16b.tmp
Category : Data Miner
Comment :
Object : c:\docume~1\ctx\locals~1\temp\
FileSize : 5122 KB
FileVersion : 4.71.1015.0
ProductVersion : 4.71.1015.0
Copyright : Copyright © Microsoft Corp. 1995
CompanyName : Microsoft Corporation
FileDescription : Win32 Cabinet Self-Extractor
InternalName : Wextract
OriginalFilename : WEXTRACT.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 01-Jun-04 5:52:40 PM
Last accessed : 12-Jul-04 4:00:00 PM
Last modified : 01-Jun-04 5:52:40 PM



Conditional scan result:

New objects : 13
Objects found so far: 51


11:30:35 PM Scan complete

Summary of this scan

Total scanning time :00:11:58:234
Objects scanned :188570
Objects identified :51
Objects ignored :0
New objects :51

#11 Dostalgia

Posted 14 July 2004 - 11:51 AM

There is this website searchweb2.com that keeps hijacking my homepage... if not for Spy Sweeper I will have to keep reloading my homepage.

#12 Dostalgia

Posted 14 July 2004 - 11:53 AM

This is the log for HijackThis after the adware scan:


Logfile of HijackThis v1.98.0
Scan saved at 12:52:55 AM, on 15-Jul-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\rundll32.exe
C:\My Files\Kazaa Lite\KazaaLite.kpp
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ICQ\ICQ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
H:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyo...m/joyonpack.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...c/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave...ic/CMonline.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab

#13 Dostalgia

Posted 16 July 2004 - 10:52 AM

someone help ?

#14 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 July 2004 - 11:04 AM

When you ran Ad-Aware, did you let it quarantine and remove the objects it found?

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#15 Dostalgia

Posted 18 July 2004 - 12:46 AM

yeap i did

#16 cnm

Posted 18 July 2004 - 11:54 AM

Quoting dolphins:

The following are all part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word.

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

Tick and fix those if not actually using them. However you seem to have other Japanese-related things so they are probably needed.

Fix. You don't need AOL to be in your trusted zone.
O15 - Trusted Zone: http://free.aol.com

Fix this.
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab

I don't see any hijack. Will ask an Expert to have a look.


#17 cnm

Posted 18 July 2004 - 01:08 PM

TonyKlein points out that you have lop.
Tick and fix this one:
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe

Reboot.

Do Start->Run and enter cmd
In the DOS window that opens, enter deltree /y C:\PROGRA~1\SPAMTH~1\
to delete that whole folder.


#18 Dostalgia

Posted 19 July 2004 - 12:30 PM

Here is the logfile from HijackThis after doing what you have said... but I encountered a problem while doing the CMD command; it says: "'deltree' is not recognised as an internal or external command, operable program or batch file"

Hey, I would like to thank you for helping me once again :) Really appreciate it ^^


Logfile of HijackThis v1.98.0
Scan saved at 1:27:33 AM, on 20-Jul-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\My Files\Kazaa Lite\KazaaLite.kpp
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ICQ\ICQ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
H:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\My Files\Kazaa Lite\kpp.exe" "C:\My Files\Kazaa Lite\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyo...m/joyonpack.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...c/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave...ic/CMonline.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
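
Comparing this scan with the earlier one shows whether the entries the helper flagged are really gone. The following is an added example, not part of the original posts: a Python sketch that diffs the O-numbered lines of two HijackThis logs. The function names are hypothetical and the two log excerpts are shortened to a few lines taken from this thread.

```python
import re

# An O-section line looks like "O4 - HKLM\..\Run: [Name] command".
# Group 1 is the section code (letter O plus digits), group 2 the detail.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs for every O-numbered line."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_scans(before, after):
    """Return (removed, added): entries only in the first / only in the second scan."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def still_present(scan, flagged):
    """Return the flagged fragments (case-insensitive) still found in a scan."""
    details = [d.lower() for _, d in parse_entries(scan)]
    return [f for f in flagged if any(f.lower() in d for d in details)]

# Shortened excerpts of the two scans posted in this thread (assumption: subset only).
BEFORE = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Face plus] C:\PROGRA~1\SPAMTH~1\MATH BALM SOFT.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
"""
# Fragments identifying the entries the helper asked to fix.
FLAGGED = ["[Face plus]", "Trusted Zone: http://free.aol.com",
           "{CFCB7308-782F-11D4-BE27-000102598CE4}"]

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("NEW    :", section, "-", detail)
    print("flagged entries still present:", still_present(AFTER, FLAGGED))
```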

#19 cnm

Posted 19 July 2004 - 03:47 PM

In Explorer (My Computer) go to c:\Program Files. Look for a folder whose name begins with "Spamth" - see if you can delete it.

Does your hijack problem seem to be fixed?


#20 Dostalgia

Posted 20 July 2004 - 10:22 AM

it seems ok so far :)

I have managed to delete the Spamth folder; the name of the folder was "spamthatteam". It contained a program that was removed earlier, so I removed it :)

Really appreciate all the help you have given :) Thanks lots! ^^

#21 cnm

Posted 20 July 2004 - 10:26 AM

Glad we could help, Dostalgia. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
