mudd2525

A Better Internet/other issues

15 posts in this topic

I would like to thank any and all of you that help me clean up my computer. You are appreciated immeasurably.

 

First, I have read the FAQ and followed it as best I could. I have Windows XP, but not SP2. I have ad-aware and spybot, have updated and run both. I have downloaded, updated and will post the corresponding log of the following: Ewido, Panda ActiveScan, Hijackthis.

 

The two major issues I have are a very slow start up and my desktop background changes to white during start up. The normal background loads first, but sometime during start up it changes to white. The background change also causes everything to slow down. I believe it is a leftover from some spyware that was half-removed.

 

Other issues:

-I know that A better internet and Wild Tangent are on my system.

-My internet browsers (explorer and firefox) are slow to load. Not much of a problem, but noticeable.

-Popups are only an issue when visiting certain sites like espn. I get a popup every time I click on a link on espn. They are usually for orbitz.

-Norton antivirus detects two problems that it cannot fix. Sorry but I don't know what they are.

 

I will now post, in order, the logs from Panda, Ewido, and Hijackthis because they were run in that order.

 

 

Panda Activescan Log

 

Incident Status Location

 

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.com.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.zedo.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.belnk.com/]

Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.centrport.net/]

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.maxserving.com/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.rightmedia.net/]

Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[rightmedia.net/]

Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.euniverseads.com/]

Spyware:Cookie/Uproar Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[ads.uproar.com/]

Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt[.www.toprebates.com/]

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7c7c5efc-5bded42c.zip[Dummy.class]

Virus:Trj/ClassLoader.W Disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7c7c5efc-5bded42c.zip[VerifierBug.class]

Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-19e5ea87.zip[javainstaller/InstallerApplet.class]

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John\Cookies\john@888[1].txt

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John\Cookies\john@888[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\John\Cookies\john@apmebf[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John\Cookies\john@atwola[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John\Cookies\john@azjmp[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@belnk[1].txt

Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\John\Cookies\john@bestoffersnetworks[1].txt

Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\John\Cookies\john@btg.btgrab[2].txt

Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\John\Cookies\john@btg.btgrab[3].txt

Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\John\Cookies\john@cassava[1].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\john@did-it[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John\Cookies\john@dist.belnk[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\John\Cookies\john@go[1].txt

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Cookies\john@offeroptimizer[2].txt

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Cookies\john@offeroptimizer[3].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt

Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\John\Cookies\john@rn11[2].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[2].txt

Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\John\Cookies\john@www.advnt01[1].txt

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[1].txt

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\John\Local Settings\Temp\!update.exe

Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\John\Local Settings\Temp\4.tmp\thnall1z.exe

Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\John\Local Settings\Temp\Cookies\john@offeroptimizer[2].txt

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\John\Local Settings\Temp\delwbi.tmp

Adware:Adware/Aurora Not disinfected C:\Documents and Settings\John\Local Settings\Temp\OWG\aurareco.exe

Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\22XFKLAR\thnall1z[1].html

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\John\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Adware:Adware/PurityScan Not disinfected C:\Program Files\ipee\othb.exe

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[CHECKERS56.F3S]

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[CHESS57.F3S]

Adware:Adware/IPInsight Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[conscorr111.inf]

Adware:Adware/TopRebates Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[disp115077.exe]

Adware:Adware/TopRebates Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[djtopr1150107.exe]

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[f3pssavr67.scr]

Hacktool:HackTool/Jkill.A Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[jkill106.exe]

Hacktool:HackTool/Jkill.A Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[jkill53.exe]

Spyware:Cookie/2o7 Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@2o7[2]3.txt]

Spyware:Cookie/Abetterinternet Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@abetterinternet[2]7.txt]

Spyware:Cookie/Falkag Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@as-eu.falkag[2]9.txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]10.txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]11.txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atdmt[2]12.txt]

Spyware:Cookie/Atwola Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@atwola[2]13.txt]

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@bluestreak[2]14.txt]

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@bs.serving-sys[2]15.txt]

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@casalemedia[1]17.txt]

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@doubleclick[1]20.txt]

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@doubleclick[1]21.txt]

Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]25.txt]

Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]26.txt]

Spyware:Cookie/FastClick Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@fastclick[1]27.txt]

Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@landing.domainsponsor[1]29.txt]

Spyware:Cookie/Maxserving Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@maxserving[1]30.txt]

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]31.txt]

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]32.txt]

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@mediaplex[1]33.txt]

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@questionmarket[1]39.txt]

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]42.txt]

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]43.txt]

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@tribalfusion[2]44.txt]

Spyware:Cookie/TopRebates.com Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@www.toprebates[2]46.txt]

Spyware:Cookie/TopRebates.com Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@www.toprebates[2]47.txt]

Spyware:Cookie/Adserver Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@z1.adserver[1]48.txt]

Spyware:Cookie/Adserver Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[john@z1.adserver[1]49.txt]

Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD109.dll]

Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD147.dll]

Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNrd148.inf]

Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNrd150.inf]

Adware:Adware/LocalNRD Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[localNRD151.dll]

Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[MediaTicketsInstaller114.ocx]

Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[MediaTicketsInstaller115.INF]

Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[mediaticketsinstaller70.ocx]

Adware:Adware/MediaTickets Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[mediaticketsinstaller71.inf]

Adware:Adware/MultiMPP Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[multimpp108.dll]

Adware:Adware/Dyfuca Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[optimize68.exe]

Adware:Adware/Transponder Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[polall1l149.exe]

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[REVERSI58.F3S]

Adware:Adware/IST.SideFind Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[sfbho55.dll]

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[ysbactivex50.dll]

Adware:Adware/IST.YourSiteBar Not disinfected C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip[ysbactivex51.inf]

Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll

Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONlchr.dll

Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB

Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc107.exe

Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc130.cab[ist_remove.exe]

Adware:Adware/TopRebates Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc141\disp1150.exe

Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc45.exe

Adware:adware/ncase Not disinfected C:\temp\salm.log

Virus:Trj/Ldpinch.JD Disinfected C:\WINDOWS\assest.dll

Virus:Trj/Downloader.FJV Disinfected C:\WINDOWS\dinst.exe

Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dsr.dll

Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dsr.exe

Dialer:Dialer.CII Not disinfected C:\WINDOWS\frennk.dll

Dialer:Dialer.BB Not disinfected C:\WINDOWS\msdownld.tmp\wupd0000.exe

Virus:Trj/Delf.AH Disinfected C:\WINDOWS\msdownld.tmp\wupd0001.exe

Dialer:Dialer.TT Not disinfected C:\WINDOWS\msdownld.tmp\wupd0002.exe

Virus:Trj/Delf.AH Disinfected C:\WINDOWS\msdownld.tmp\wupd0003.exe

Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Nail.exe

Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat

Virus:Trojan Horse.AP2 Disinfected C:\WINDOWS\sasent.dll

Virus:Trojan Horse.AP2 Disinfected C:\WINDOWS\sasetup.dll

Adware:adware/aurora Not disinfected C:\WINDOWS\svcproc.exe

Virus:Trj/Downloader.gen Disinfected C:\WINDOWS\system32\msdlupd.dll

 

 

 

 



I am reposting the log for Ewido and Hijackthis.

 

Ewido

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:12:54 PM 5/13/2007

 

+ Scan result:

 

 

 

C:\Program Files\TBONAS\TBONcomp.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).

C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc144\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).

C:\Documents and Settings\John\Local Settings\Temp\OWG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP837\A0066455.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD109.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD147.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD151.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/multimpp108.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller114.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller115.INF -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller70.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller71.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc52.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/dlhelperexe75.exe -> Adware.Thumper : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/disp115077.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/djtopr1150107.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc141\disp1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\WINDOWS\msdownld.tmp\wupd0002.exe -> Dialer.Kotu.c : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/polall1l149.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067689.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067690.exe -> Downloader.Delf.dd : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/optimize68.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc107.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067693.dll -> Downloader.Dyfuca.dn : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.ocx -> Downloader.Dyfuca.x : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067688.exe -> Downloader.Intexp.d : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc45.exe -> Downloader.IstBar : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/ysbactivex50.dll -> Downloader.IstBar.fy : Cleaned with backup (quarantined).

C:\Documents and Settings\John\Local Settings\Temp\!update.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).

C:\Program Files\ipee\othb.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).

:mozilla.19:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.20:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.21:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.22:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\John\Cookies\john@americasnotenetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\John\Cookies\john@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\John\Cookies\john@verizonmysuperpages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@2o7[2]3.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.281:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.282:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.283:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.284:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.285:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.286:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.287:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.288:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.316:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\John\Cookies\john@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\John\Cookies\john@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@abetterinternet[2]7.txt -> TrackingCookie.Abetterinternet : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]48.txt -> TrackingCookie.Adserver : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]49.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.32:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.9:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]11.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]12.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\John\Cookies\john@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bluestreak[2]14.txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\John\Cookies\john@bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.

:mozilla.12:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@casalemedia[1]17.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.103:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.

:mozilla.104:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.

:mozilla.10:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.11:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.70:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\John\Cookies\john@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.18:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]20.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]21.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\John\Cookies\john@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.

:mozilla.227:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.228:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.229:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.230:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.246:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kidpmaoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.218:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.

:mozilla.219:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.

C:\Documents and Settings\John\Cookies\john@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@as-eu.falkag[2]9.txt -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]25.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]26.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]27.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.42:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

C:\Documents and Settings\John\Cookies\john@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@sales.liveperson[2]40.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.35:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]31.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]32.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]33.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.

C:\Documents and Settings\John\Cookies\john@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.

C:\Documents and Settings\John\Cookies\john@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\John\Cookies\john@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\John\Cookies\john@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

:mozilla.40:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.43:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@questionmarket[1]39.txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\John\Cookies\john@real[1].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\John\Cookies\john@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.

:mozilla.77:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.

C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\John\Cookies\john@www.res99[2].txt -> TrackingCookie.Res99 : Cleaned.

:mozilla.23:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\John\Cookies\john@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.88:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@edge.ru4[1]23.txt -> TrackingCookie.Ru4 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bs.serving-sys[2]15.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.290:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.291:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

C:\Documents and Settings\John\Cookies\john@sexcounter[1].txt -> TrackingCookie.Sexcounter : Cleaned.

C:\Documents and Settings\John\Cookies\john@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\John\Cookies\john@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.

C:\Documents and Settings\John\Cookies\john@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.

C:\Documents and Settings\John\Cookies\john@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\John\Cookies\john@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]42.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]43.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]44.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.205:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.206:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.207:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@ads.x10[1]8.txt -> TrackingCookie.X10 : Cleaned.

C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.38:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf66v5o1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067687.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067691.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067692.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).

C:\WINDOWS\frennk.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).

C:\WINDOWS\msdownld.tmp\wupd0000.exe -> Trojan.Dialer.u : Cleaned with backup (quarantined).

 

 

::Report end

 

 

 

 

Hijackthis

 

Logfile of HijackThis v1.99.1

Scan saved at 9:36:56 PM, on 5/13/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\Documents and Settings\John\Desktop\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

 

 

Thanks


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

I see you have PartyPoker, AbsolutePoker and Ultimatebet installed.

If you didn't install them with the intention of playing, I suggest you uninstall them, because in most cases these programs are supported by malware, get installed without asking, and also lead you to sites where malware is lurking.

If you do play it, then leave it alone.

 

Then:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)

O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm

O4 - Startup: PowerReg Scheduler.exe

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Then rescan with AVG Antispyware and let it remove everything it finds. Post the log from AVG Antispyware in your next reply together with a new HijackThis log.

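The selection of entries in the reply above can be partly reproduced mechanically. The following is an added example, not part of the thread and not HijackThis code: a small triage script that parses HijackThis log lines and flags R0/R1 search pages on unexpected hosts, a missing URLSearchHook, an F2 Shell value that launches more than Explorer.exe, and O2/O3 registrations whose file is gone. The expected-host baseline (`EXPECTED_HOST_SUFFIXES`) and the rule set are assumptions; O4 startup entries are left to the analyst because judging them requires knowing the program.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""

# Assumption: hosts the analyst expects on this OEM laptop. Any other host in
# an R0/R1 search or start-page value is flagged for review.
EXPECTED_HOST_SUFFIXES = ("hp.com",)

# A HijackThis entry starts with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, text) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _host(value):
    """Extract the host from a URL value; some values are logged without a scheme."""
    value = value.strip()
    if not value:
        return None
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower() or None


def _expected(host):
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def triage(log_text):
    """Return (code, reason, text) for each entry that matches a rule."""
    findings = []
    for code, text in parse_entries(log_text):
        reason = None
        if code in ("R0", "R1") and " = " in text:
            host = _host(text.partition(" = ")[2])
            if host and not _expected(host):
                reason = "IE search/start page points at unexpected host " + host
        elif code == "R3" and text.endswith("is missing"):
            reason = "default URLSearchHook is absent"
        elif code == "F2" and "Shell=" in text:
            parts = text.split("Shell=", 1)[1].split()
            if len(parts) > 1 or (parts and parts[0].lower() != "explorer.exe"):
                reason = "Shell value launches more than Explorer.exe"
        elif code in ("O2", "O3") and text.rstrip().endswith(("(no file)", "(file missing)")):
            reason = "registration left behind with no file on disk"
        if reason:
            findings.append((code, reason, text))
    return findings


if __name__ == "__main__":
    for code, reason, text in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {text}")
```
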

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 2:24:19 PM 5/25/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067704.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067705.dll -> Adware.ActivShopper : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067710.dll -> Adware.Aws : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067707.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD109.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD147.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/localNRD151.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/multimpp108.dll -> Adware.BiSpy : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.inf -> Adware.Dyfuca : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067708.dll -> Adware.ImiBar : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller114.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/MediaTicketsInstaller115.INF -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller70.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/mediaticketsinstaller71.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/sfbho55.dll -> Adware.SideFind : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067711.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/dlhelperexe75.exe -> Adware.Thumper : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/disp115077.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/djtopr1150107.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067706.exe -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067703.exe -> Dialer.Kotu.c : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/polall1l149.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/optimize68.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067699.exe -> Downloader.Dyfuca.da : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1738664053-4133266779-2418694722-500\Dc1.CAB/MulDist.ocx -> Downloader.Dyfuca.x : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067700.exe -> Downloader.IstBar : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/ysbactivex50.dll -> Downloader.IstBar.fy : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067698.exe -> Downloader.PurityScan.am : Cleaned with backup (quarantined).

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@2o7[2]3.txt -> TrackingCookie.2o7 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@abetterinternet[2]7.txt -> TrackingCookie.Abetterinternet : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]48.txt -> TrackingCookie.Adserver : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@z1.adserver[1]49.txt -> TrackingCookie.Adserver : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]10.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]11.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@atdmt[2]12.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bluestreak[2]14.txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@casalemedia[1]17.txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]20.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@doubleclick[1]21.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@as-eu.falkag[2]9.txt -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]25.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]26.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@fastclick[1]27.txt -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@sales.liveperson[2]40.txt -> TrackingCookie.Liveperson : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]31.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]32.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@mediaplex[1]33.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@questionmarket[1]39.txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@edge.ru4[1]23.txt -> TrackingCookie.Ru4 : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@bs.serving-sys[2]15.txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]42.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]43.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@tribalfusion[2]44.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\ScanSpyware v3.8.0.2\SSBackup\ssTemp.zip/john@ads.x10[1]8.txt -> TrackingCookie.X10 : Cleaned.

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067701.dll -> Trojan.Dialer.bi : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067702.exe -> Trojan.Dialer.u : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP849\A0067709.exe -> Trojan.Stervis.e : Cleaned with backup (quarantined).

 

 

::Report end

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 2:51:42 PM, on 5/25/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\Documents and Settings\John\Desktop\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

 

 

Thanks for your help.


Hi,

 

* Open hijackthis, click 'config' (bottom right)

Choose the tab 'misc Tools' on top.

Choose 'delete a file on reboot'

In the field, copy and paste next:

 

C:\WINDOWS\Nail.exe

 

Click open.

Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok

Your system should reboot now.

 

After reboot, check and fix next entry in HijackThis:

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

 

Then post a new HijackThis log in your next reply.


I copied and pasted the C:\WINDOWS\Nail.exe, however, upon reboot I was prompted with a message saying the file was not found. I then ran hijackthis and

 

"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe"

 

was present so I fixed it. Here is the new log.

 

Logfile of HijackThis v1.99.1

Scan saved at 5:19:20 PM, on 5/25/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\John\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Hi,

 

"I copied and pasted the C:\WINDOWS\Nail.exe, however, upon reboot I was prompted with a message saying the file was not found."

Yes, that's normal that you received that error after reboot, because that entry was still present in HijackThis. Now you won't get that error anymore.

 

Your HijackThis log looks clean again - How are things now?
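The before/after check made across the two HijackThis logs above, as an added example that is not part of the original thread: it parses the entry lines, reports anything an F2 Shell= value launches besides Explorer.exe, and lists the entries that disappeared after the fix. The sample logs are constructed by abbreviating the two logs posted here, and the function names are hypothetical.

```python
import re

# Constructed samples: a few lines abbreviated from the two logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# Same log with the F2 line gone, as in the second log of the thread.
LOG_AFTER = LOG_BEFORE.replace(
    "F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Nail.exe\n", "")

# Entry lines look like "<section id> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Process-list lines ("C:\WINDOWS\...") and headers do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return [(section, detail)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def shell_extras(entries):
    """Return what F2 'Shell=' entries start in addition to (or instead of) Explorer.exe."""
    extras = []
    for section, detail in entries:
        if section != "F2" or "Shell=" not in detail:
            continue
        value = detail.split("Shell=", 1)[1].strip()
        shell, _, rest = value.partition(" ")
        if shell.lower() != "explorer.exe":
            extras.append(value)          # the shell itself was replaced
        elif rest.strip():
            extras.append(rest.strip())   # a program appended after Explorer.exe
    return extras


def removed_entries(before_text, after_text):
    """Entries present in the first log and absent from the second, in log order."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in after]


if __name__ == "__main__":
    print("Shell extras before:", shell_extras(parse_entries(LOG_BEFORE)))
    print("Shell extras after: ", shell_extras(parse_entries(LOG_AFTER)))
    for section, detail in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("Removed:", section, "-", detail)
```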


My desktop background still turns to white during start up and I have Wild Tangent that somehow found its way onto my computer. The background issue is the main problem. Also, I almost forgot, the bar across the bottom with the start menu, clock, little icons, etc. is at the top of the screen. I don't know if this is related to the background problem or not.

 

Otherwise things do seem to be running a little faster. Can I safely update to Service Pack 2 now?


Hi, for your desktop turning white, it looks like there's an Active Desktop component being set, plus related policies keeping Active Desktop turned on, so let's take a look at that first and do the following:

 

Open Notepad and copy and paste the following into it:

 

regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"

regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"

type peek1.txt >> look.txt

type peek2.txt >> look.txt

del peek*.txt

start notepad look.txt

 

Save this as look.bat, choose to save as *all files and place it on your desktop.

This is how the batch should look afterwards: bat.gif

Double-click look.bat

Notepad will open with some txt in it. Copy and paste the contents in your next reply.


Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=dword:00000000

 

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"

"SubscribedURL"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"

"FriendlyName"=""

"Flags"=dword:00002001

"Position"=hex:2c,00,00,00,12,03,00,00,17,01,00,00,ff,ff,ff,ff,ff,ff,ff,ff,e8,\

03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=dword:40000001

"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,ff,ff,ff,ff,ff,ff,\

ff,ff,01,00,00,00

"RestoredStateInfo"=hex:dc,ff,bf,00,09,48,e9,77,c8,0d,e9,77,ff,ff,ff,ff,c4,e1,\

e7,77,c4,e1,e7,77

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="C:\\WINDOWS\\desktop.html"

"SubscribedURL"="C:\\WINDOWS\\desktop.html"

"FriendlyName"="Security"

"Flags"=dword:00006002

"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,dd,02,00,00,ea,\

03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,00,00,00,32,00,00,00

"CurrentState"=dword:40000001

"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,00,04,00,00,dd,02,\

00,00,01,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,03,\

00,00,01,00,00,00


Hi,

 

Well, you do have 2 active desktop components set. One is a malware related one and the other one is one you most probably set yourself:

file:///C:/WINDOWS/Firefox%20Wallpaper.bmp

 

So what I suggest here is removing both references. To do this, go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab

Select "Security" you find in there and press the delete button on the right.

Hit ok below > apply in previous window.

Then do the same for "file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"

 

Also, check if next file is still present and delete it:

C:\WINDOWS\desktop.html

 

As I also understand from your previous post, your system tray is at the top of your screen. If you want it back at the bottom, right-click your taskbar, make sure that "Lock the taskbar" is unchecked and drag the taskbar back to the bottom.

 

"I have Wild Tangent that somehow found its way onto my computer"

Let me know where this Wildtangent was found. Keep in mind that this comes with a lot of games. Actually Wildtangent is no real threat either, but still being flagged by a lot of scanners.

 

As from your first post:

 

"-Popups are only an issue when visiting certain sites like espn. I get a popup every time I click on a link on espn. They are usually for orbitz."

There's nothing you can do about it except for avoiding espn. Because as you say, they only appear there. Some sites do display popups, this is a fact. This doesn't mean that your system is infected.

 

By the way, is there any reason why you didn't update to Service Pack 2 yet? Keep in mind that your system is extremely vulnerable without the necessary patches.
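Reading an export like the one posted above, as an added example that is not part of the original reply: it parses the .reg text (including hex values continued across lines) and lists each Active Desktop component, marking those whose source is an HTML page. The sample is constructed by abbreviating the export in this thread; the function names and the "HTML source needs review" rule are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample: abbreviated from the look.txt export posted in this thread.
# A real file written by "regedit /e" on XP is UTF-16; open it with encoding="utf-16".
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"Settings"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/WINDOWS/Firefox%20Wallpaper.bmp"
"FriendlyName"=""
"Flags"=dword:00002001
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"
"Flags"=dword:00006002
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
COMPONENT_RE = re.compile(r"\\Desktop\\Components\\(\d+)$", re.IGNORECASE)


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex byte list."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\([0-9a-fA-F]+\))?:(.*)$", raw)
    if m:
        return bytes.fromhex(m.group(1).replace(",", ""))
    return raw


def parse_reg(text):
    """Return {key path: {value name: decoded value}} from .reg export text."""
    keys, current, pending = {}, None, ""
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if line.endswith("\\"):            # hex value continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def local_path(source):
    """Turn a file:/// URL into a Windows path; leave other sources unchanged."""
    if source.lower().startswith("file:///"):
        return unquote(source[8:]).replace("/", "\\")
    return source


def desktop_components(keys):
    """List Active Desktop components; 'review' marks HTML sources (assumed heuristic)."""
    found = []
    for key, values in keys.items():
        m = COMPONENT_RE.search(key)
        if not m:
            continue
        path = local_path(values.get("Source", ""))
        found.append({
            "index": int(m.group(1)),
            "name": values.get("FriendlyName", ""),
            "path": path,
            "review": path.lower().endswith((".htm", ".html")),
        })
    return sorted(found, key=lambda c: c["index"])


if __name__ == "__main__":
    for comp in desktop_components(parse_reg(REG_EXPORT)):
        mark = "REVIEW" if comp["review"] else "ok"
        print(comp["index"], mark, repr(comp["name"]), comp["path"])
```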


Wow thanks for fixing my desktop. That was so simple, but no one was ever able to give me the correct advice.

 

So am I understanding this correctly, my system tray is fine at the top of the screen? Because I kind of like it up there.

 

This laptop was not being used very much until recently and I had read that I should clean up my system before updating to Service Pack 2. So that's the reason. Should I go ahead with the updating now?

 

I cannot thank you enough for your help. Not only do things seem to be running smoothly, but I think I have a much better understanding of what I need to do to protect my system.

 

Thank You

"my system tray is fine at the top of the screen? Because I kind of like it up there"

Yes, that's fine if you want to keep it at the top of your screen - many people have set this as well :)

 

Yes, please update to Service Pack 2.

 

"but I think I have a much better understanding of what I need to do to protect my system."

Well, you certainly have to read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again! :)


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
