
A Better Internet/other issues


  • This topic is locked
14 replies to this topic

#1 mudd2525


Posted 13 May 2007 - 09:55 PM

I would like to thank any and all of you that help me clean up my computer. You are appreciated immeasurably.

First, I have read the FAQ and followed as best I could. I have Windows XP, but not SP2. I have ad-aware and spybot, have updated and run both. I have downloaded, updated and will post the corresponding log of the following: Ewido, Panda ActiveScan, Hijackthis.

The two major issues I have are a very slow start up and my desktop background changes to white during start up. The normal background loads first, but sometime during start up it changes to white. The background change also causes everything to slow down. I believe it is a leftover from some spyware that was half-removed.

Other issues:
-I know that A better internet and Wild Tangent are on my system.
-My internet browsers (explorer and firefox) are slow to load. Not much of a problem, but noticeable.
-Popups are only an issue when visiting certain sites like espn. I get a popup every time I click on a link on espn. They are usually for orbitz.
-Norton antivirus detects two problems that it cannot fix. Sorry but I don't know what they are.

I will now post, in order, the logs from Panda, Ewido, and Hijackthis because they were run in that order.


Panda Activescan Log

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.com.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.belnk.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.rightmedia.net/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[rightmedia.net/]
Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Uproar Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[ads.uproar.com/]
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.www.toprebates.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7c7c5efc-5bded42c.zip[Dummy.class]
Virus:Trj/ClassLoader.W Disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7c7c5efc-5bded42c.zip[VerifierBug.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-19e5ea87.zip[javainstaller/InstallerApplet.class]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John\Cookies\john@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John\Cookies\john@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John\Cookies\john@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John\Cookies\john@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John\Cookies\john@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@belnk[1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\John\Cookies\john@bestoffersnetworks[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\John\Cookies\john@btg.btgrab[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\John\Cookies\john@btg.btgrab[3].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\John\Cookies\john@cassava[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\john@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\John\Cookies\john@go[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Cookies\john@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Cookies\john@offeroptimizer[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\John\Cookies\john@rn11[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\John\Cookies\john@www.advnt01[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[1].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\John\Local Settings\Temp\!update.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\John\Local Settings\Temp\4.tmp\thnall1z.exe
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@offeroptimizer[2].txt
Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\John\Local Settings\Temp\delwbi.tmp
Adware:Adware/Aurora Not disinfected C:\Documents and Settings\John\Local Settings\Temp\OWG\aurareco.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\22XFKLAR\thnall1z[1].html
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\John\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\ipee\othb.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[CHECKERS56.F3S]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[CHESS57.F3S]
Adware:Adware/IPInsight Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[conscorr111.inf]
Adware:Adware/TopRebates Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[disp115077.exe]
Adware:Adware/TopRebates Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[djtopr1150107.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[f3pssavr67.scr]
Hacktool:HackTool/Jkill.A Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[jkill106.exe]
Hacktool:HackTool/Jkill.A Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[jkill53.exe]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@2o7[2]3.txt]
Spyware:Cookie/Abetterinternet Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@abetterinternet[2]7.txt]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@as-eu.falkag[2]9.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]10.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]11.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]12.txt]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atwola[2]13.txt]
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@bluestreak[2]14.txt]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@bs.serving-sys[2]15.txt]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@casalemedia[1]17.txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@doubleclick[1]20.txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@doubleclick[1]21.txt]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]25.txt]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]26.txt]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]27.txt]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@landing.domainsponsor[1]29.txt]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@maxserving[1]30.txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]31.txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]32.txt]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]33.txt]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@questionmarket[1]39.txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]42.txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]43.txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]44.txt]
Spyware:Cookie/TopRebates.com Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@www.toprebates[2]46.txt]
Spyware:Cookie/TopRebates.com Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@www.toprebates[2]47.txt]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@z1.adserver[1]48.txt]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@z1.adserver[1]49.txt]
Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD109.dll]
Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD147.dll]
Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNrd148.inf]
Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNrd150.inf]
Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD151.dll]
Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[MediaTicketsInstaller114.ocx]
Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[MediaTicketsInstaller115.INF]
Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[mediaticketsinstaller70.ocx]
Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[mediaticketsinstaller71.inf]
Adware:Adware/MultiMPP Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[multimpp108.dll]
Adware:Adware/Dyfuca Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[optimize68.exe]
Adware:Adware/Transponder Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[polall1l149.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[REVERSI58.F3S]
Adware:Adware/IST.SideFind Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[sfbho55.dll]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[ysbactivex50.dll]
Adware:Adware/IST.YourSiteBar Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[ysbactivex51.inf]
Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll
Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONlchr.dll
Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB
Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc107.exe
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc130.cab[ist_remove.exe]
Adware:Adware/TopRebates Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc141\disp1150.exe
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc45.exe
Adware:adware/ncase Not disinfected C:\temp\salm.log
Virus:Trj/Ldpinch.JD Disinfected C:\WINDOWS\assest.dll
Virus:Trj/Downloader.FJV Disinfected C:\WINDOWS\dinst.exe
Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dsr.dll
Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dsr.exe
Dialer:Dialer.CII Not disinfected C:\WINDOWS\frennk.dll
Dialer:Dialer.BB Not disinfected C:\WINDOWS\msdownld.tmp\wupd0000.exe
Virus:Trj/Delf.AH Disinfected C:\WINDOWS\msdownld.tmp\wupd0001.exe
Dialer:Dialer.TT Not disinfected C:\WINDOWS\msdownld.tmp\wupd0002.exe
Virus:Trj/Delf.AH Disinfected C:\WINDOWS\msdownld.tmp\wupd0003.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Nail.exe
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Virus:Trojan Horse.AP2 Disinfected C:\WINDOWS\sasent.dll
Virus:Trojan Horse.AP2 Disinfected C:\WINDOWS\sasetup.dll
Adware:adware/aurora Not disinfected C:\WINDOWS\svcproc.exe
Virus:Trj/Downloader.gen Disinfected C:\WINDOWS\system32\msdlupd.dll




Ewido Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:12:54 PM 5/13/2007

+ Scan result:



C:\Program Files\TBONAS\TBONcomp.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc144\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temp\OWG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP837\A0066455.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD109.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD147.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD151.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/multimpp108.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller114.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller115.INF -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller70.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller71.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc52.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/dlhelperexe75.exe -> Adware.Thumper : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/disp115077.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/djtopr1150107.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc141\disp1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\msdownld.tmp\wupd0002.exe -> Dialer.Kotu.c : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/polall1l149.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067689.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067690.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/optimize68.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc107.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067693.dll -> Downloader.Dyfuca.dn : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.ocx -> Downloader.Dyfuca.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067688.exe -> Downloader.Intexp.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc45.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/ysbactivex50.dll -> Downloader.IstBar.fy : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temp\!update.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).
C:\Program Files\ipee\othb.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@americasnotenetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@verizonmysuperpages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@2o7[2]3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.282:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.283:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.284:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.285:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.286:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.287:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.288:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.316:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@abetterinternet[2]7.txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]48.txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]49.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.32:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]11.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]12.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John\Cookies\john@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bluestreak[2]14.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\John\Cookies\john@bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.12:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@casalemedia[1]17.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.103:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.104:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.10:C:\Documents and Settings\John\Application Data\Mo

#2 mudd2525


Posted 14 May 2007 - 08:46 AM

I am reposting the log for Ewido and Hijackthis.

Ewido

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:12:54 PM 5/13/2007

+ Scan result:



C:\Program Files\TBONAS\TBONcomp.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc144\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temp\OWG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP837\A0066455.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD109.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD147.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD151.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/multimpp108.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller114.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller115.INF -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller70.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller71.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc52.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/dlhelperexe75.exe -> Adware.Thumper : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/disp115077.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/djtopr1150107.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc141\disp1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\msdownld.tmp\wupd0002.exe -> Dialer.Kotu.c : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/polall1l149.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067689.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067690.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/optimize68.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc107.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067693.dll -> Downloader.Dyfuca.dn : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.ocx -> Downloader.Dyfuca.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067688.exe -> Downloader.Intexp.d : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc45.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/ysbactivex50.dll -> Downloader.IstBar.fy : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Local Settings\Temp\!update.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).
C:\Program Files\ipee\othb.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@americasnotenetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@verizonmysuperpages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@2o7[2]3.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.282:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.283:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.284:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.285:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.286:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.287:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.288:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.316:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@abetterinternet[2]7.txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]48.txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]49.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.32:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]11.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]12.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John\Cookies\john@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bluestreak[2]14.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\John\Cookies\john@bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.12:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@casalemedia[1]17.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.103:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.104:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.10:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.11:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.70:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\John\Cookies\john@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.18:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]20.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]21.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.227:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.228:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.229:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.230:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.246:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kidpmaoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.218:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.
:mozilla.219:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.
C:\Documents and Settings\John\Cookies\john@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@as-eu.falkag[2]9.txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]25.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]26.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]27.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\John\Cookies\john@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@sales.liveperson[2]40.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.35:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]31.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]32.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]33.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\John\Cookies\john@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\John\Cookies\john@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John\Cookies\john@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John\Cookies\john@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.40:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.43:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@questionmarket[1]39.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John\Cookies\john@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\John\Cookies\john@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.77:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\John\Cookies\john@www.res99[2].txt -> TrackingCookie.Res99 : Cleaned.
:mozilla.23:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\John\Cookies\john@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.88:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@edge.ru4[1]23.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bs.serving-sys[2]15.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.290:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.291:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\John\Cookies\john@sexcounter[1].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\John\Cookies\john@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John\Cookies\john@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\John\Cookies\john@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\John\Cookies\john@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John\Cookies\john@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]42.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]43.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]44.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.205:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.206:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.207:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@ads.x10[1]8.txt -> TrackingCookie.X10 : Cleaned.
C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067687.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067691.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067692.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\WINDOWS\frennk.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\WINDOWS\msdownld.tmp\wupd0000.exe -> Trojan.Dialer.u : Cleaned with backup (quarantined).


::Report end




Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 9:36:56 PM, on 5/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\John\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/in...hpnotebook-icon
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Thanks

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 16 May 2007 - 06:31 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 24 May 2007 - 09:10 AM

Hello,

I see you have PartyPoker, AbsolutePoker and Ultimatebet installed.
If you didn't install them with the intention of playing, I suggest you uninstall them, because in most cases these programs are supported by malware, get installed without asking, and also lead you to sites where malware is lurking.
If you do play them, then leave them alone.

Then:
* Start HijackThis and close all open windows, leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm
O4 - Startup: PowerReg Scheduler.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Then rescan with AVG Antispyware and let it remove everything it finds. Post the log from AVG Antispyware in your next reply, together with a new HijackThis log.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 mudd2525

    Member

  • Full Member
  • 7 posts

Posted 25 May 2007 - 02:10 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:24:19 PM 5/25/2007

+ Scan result:



C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067704.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067705.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067710.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067707.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD109.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD147.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD151.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/multimpp108.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067708.dll -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller114.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller115.INF -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller70.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller71.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067711.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/dlhelperexe75.exe -> Adware.Thumper : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/disp115077.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/djtopr1150107.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067706.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067703.exe -> Dialer.Kotu.c : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/polall1l149.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/optimize68.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067699.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.ocx -> Downloader.Dyfuca.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067700.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/ysbactivex50.dll -> Downloader.IstBar.fy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067698.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@2o7[2]3.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@abetterinternet[2]7.txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]48.txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]49.txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]11.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]12.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bluestreak[2]14.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@casalemedia[1]17.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]20.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]21.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@as-eu.falkag[2]9.txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]25.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]26.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]27.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@sales.liveperson[2]40.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]31.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]32.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]33.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@questionmarket[1]39.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@edge.ru4[1]23.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bs.serving-sys[2]15.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]42.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]43.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]44.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@ads.x10[1]8.txt -> TrackingCookie.X10 : Cleaned.
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067701.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067702.exe -> Trojan.Dialer.u : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067709.exe -> Trojan.Stervis.e : Cleaned with backup (quarantined).


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 2:51:42 PM, on 5/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\John\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/in...hpnotebook-icon
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Thanks for your help.

#6 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 25 May 2007 - 02:50 PM

Hi,

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\Nail.exe

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.

After reboot, check and fix next entry in HijackThis:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Then post a new HijackThislog in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#7 mudd2525

mudd2525

    Member

  • Full Member
  • 7 posts

Posted 25 May 2007 - 04:29 PM

I copied and pasted the C:\WINDOWS\Nail.exe, however, upon reboot I was prompted with a message saying the file was not found. I then ran hijackthis and

"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe"

was present so I fixed it. Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:19:20 PM, on 5/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/in...hpnotebook-icon
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#8 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 25 May 2007 - 04:34 PM

Hi,

I copied and pasted the C:\WINDOWS\Nail.exe, however, upon reboot I was prompted with a message saying the file was not found.

Yes, it's normal that you received that error after reboot, because that entry was still present in HijackThis. Now you won't get that error anymore.

Your HijackThislog looks clean again - How are things now?
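The situation in the posts above, as an added example that is not part of the original thread: the scanner log shows C:\WINDOWS\Nail.exe quarantined while the HijackThis F2 entry still names it in the Winlogon shell value. The Python sketch below cross-checks the two logs for that kind of leftover reference; the function names are hypothetical and the sample input is constructed from lines posted in this thread.

```python
import re

# Constructed sample input: a few lines copied from the logs posted in this thread.
SCANNER_LOG = r"""
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.
"""

HIJACKTHIS_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/in...hpnotebook-icon
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
"""

# "<path> -> <detection name> : <action taken>"
DETECTION = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
SHELL_ENTRY = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)


def quarantined_files(scanner_log):
    """Map lower-cased path -> detection name for every quarantined item."""
    found = {}
    for line in scanner_log.splitlines():
        m = DETECTION.match(line.strip())
        if m and "quarantined" in m.group("action").lower():
            found[m.group("path").lower()] = m.group("name")
    return found


def shell_extras(hjt_log):
    """Return every command an F2 Shell= entry starts besides Explorer.exe."""
    extras = []
    for line in hjt_log.splitlines():
        m = SHELL_ENTRY.match(line.strip())
        if not m:
            continue
        value = m.group("value").strip()
        head, _, rest = value.partition(" ")
        if head.lower() == "explorer.exe":
            if rest.strip():
                extras.append(rest.strip())
        else:
            # The shell was replaced outright: report the whole value.
            extras.append(value)
    return extras


def orphaned_shell_entries(hjt_log, scanner_log):
    """Report Shell= extras and whether the scanner already quarantined the file."""
    gone = quarantined_files(scanner_log)
    report = []
    for cmd in shell_extras(hjt_log):
        target = cmd.strip('"').lower()
        hit = next((p for p in gone if target.startswith(p)), None)
        report.append({
            "command": cmd,
            "detection": gone.get(hit),
            "file_quarantined": hit is not None,
        })
    return report


if __name__ == "__main__":
    for row in orphaned_shell_entries(HIJACKTHIS_LOG, SCANNER_LOG):
        print(row)
```

An entry reported with `file_quarantined` set means the file is gone but the registry value still points at it, which is the state the thread resolves by fixing the F2 line in HijackThis.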

#9 mudd2525

mudd2525

    Member

  • Full Member
  • 7 posts

Posted 25 May 2007 - 05:27 PM

My desktop background still turns to white during start up and I have Wild Tangent that somehow found its way onto my computer. The background issue is the main problem. Also, I almost forgot, the bar across the bottom with the start menu, clock, little icons, etc. is at the top of the screen. I don't know if this is related to the background problem or not.

Otherwise things do seem to be running a little faster. Can I safely update to Service Pack 2 now?

#10 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 25 May 2007 - 05:29 PM

Hi, for your desktop turning white, it looks like there's an Active Desktop component being set, plus related policies keeping Active Desktop turned on. So let's take a look at that first and do the following:

Open notepad and copy and paste next bold in it:

regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt


Save this as look.bat, choose to save as *all files and place it on your desktop.
Double-click look.bat.
Notepad will open with some text in it. Copy and paste the contents in your next reply.

#11 mudd2525

mudd2525

    Member

  • Full Member
  • 7 posts

Posted 25 May 2007 - 05:36 PM

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"
"SubscribedURL"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,12,03,00,00,17,01,00,00,ff,ff,ff,ff,ff,ff,ff,ff,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,00
"RestoredStateInfo"=hex:dc,ff,bf,00,09,48,e9,77,c8,0d,e9,77,ff,ff,ff,ff,c4,e1,\
e7,77,c4,e1,e7,77

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"
"Flags"=dword:00006002
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,dd,02,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,00,00,00,32,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,dd,02,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,03,\
00,00,01,00,00,00

#12 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 25 May 2007 - 05:53 PM

Hi,

Well, you do have 2 active desktop components set. One is a malware related one and the other one is one you most probably set yourself:
file:///C:/WINDOWS/Firefox%20Wallpaper.bmp

So what I suggest here is removing both references. To do this, go to Start > Control Panel > Display properties > Desktop > Customize Desktop... > Web tab
Select "Security" you find in there and press the delete button on the right.
Hit ok below > apply in previous window.
Then do the same for "file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"

Also, check if next file is still present and delete it:
C:\WINDOWS\desktop.html

As I also understand from your previous post, your system tray is at the top of your screen. If you want it back at the bottom, rightclick your taskbar, make sure that "Lock the taskbar" is unchecked and drag the taskbar back to the bottom.

I have Wild Tangent that somehow found its way onto my computer

Let me know where this Wildtangent was found. Keep in mind that this comes with a lot of games. Actually Wildtangent is no real threat either, but it is still being flagged by a lot of scanners.

As from your first post:

-Popups are only an issue when visiting certain sites like espn. I get a popup everytime I click on a link on espn. They are usually for orbitz.

There's nothing you can do about it except for avoiding espn. Because as you say, they only appear there. Some sites do display popups, this is a fact. This doesn't mean that your system is infected.

By the way, is there any reason why you didn't update to Service Pack 2 yet? Keep in mind that your system is extremely vulnerable without the necessary patches.
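For reading an export like the one in post #11 without going through it by eye, the following added example (not part of the original thread) parses the regedit text format, including the backslash-continued hex values, and lists each Active Desktop component. The function names are hypothetical, the sample is an abbreviated copy of the posted export, and marking non-image sources for review is a triage assumption, not a verdict.

```python
import re

# Constructed sample: abbreviated from the export posted in this thread.
# A real "regedit /e" file of this version is UTF-16; open it with encoding="utf-16".
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"
"FriendlyName"=""
"Flags"=dword:00002001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"
"Flags"=dword:00006002
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,dd,02,\
00,00,01,00,00,00
'''

COMPONENTS = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
IMAGE_EXT = (".bmp", ".jpg", ".jpeg", ".gif", ".png")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    # A trailing backslash continues a hex value on the next line: join them.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_LINE.match(line)
        if not m or current is None:
            continue  # header line, blank line, or unsupported syntax
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex"):
            # Covers both "hex:" and typed forms such as "hex(2):".
            data = raw.split(":", 1)[1]
            current[name] = bytes(int(b, 16) for b in data.split(",") if b)
        elif raw.startswith('"') and raw.endswith('"'):
            # Undo the \\ and \" escaping used inside string values.
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys


def review_components(text):
    """List Active Desktop components; mark those whose source is not an image."""
    rows = []
    for key, values in parse_reg(text).items():
        prefix, _, index = key.rpartition("\\")
        if prefix.lower() != COMPONENTS.lower() or not index.isdigit():
            continue
        source = values.get("Source", "")
        rows.append({
            "index": int(index),
            "name": values.get("FriendlyName", ""),
            "source": source,
            # Assumption: anything that is not a picture renders web content.
            "review": not source.lower().endswith(IMAGE_EXT),
        })
    return sorted(rows, key=lambda r: r["index"])


if __name__ == "__main__":
    for row in review_components(REG_EXPORT):
        print(row)
```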

#13 mudd2525

mudd2525

    Member

  • Full Member
  • 7 posts

Posted 25 May 2007 - 06:13 PM

Wow thanks for fixing my desktop. That was so simple, but no one was ever able to give me the correct advice.

So am I understanding this correctly, my system tray is fine at the top of the screen? Because I kind of like it up there.

This laptop was not being used very much until recently and I had read that I should clean up my system before updating to Service Pack 2. So that's the reason. Should I go ahead with the updating now?

I cannot thank you enough for your help. Not only do things seem to be running smoothly, but I think I have a much better understanding of what I need to do to protect my system.

Thank You

#14 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 25 May 2007 - 06:17 PM

my system tray is fine at the top of the screen? Because I kind of like it up there

Yes, that's fine if you want to keep it at the top of your screen - many people have set this as well :)

Yes, please update to Service Pack 2.

but I think I have a much better understanding of what I need to do to protect my system.

Well, you certainly have to read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again! :)

#15 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 29 May 2007 - 05:13 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.



