Laptop Is Infected With Adware, Malware And A Virus Of Some Sort


  • This topic is locked
4 replies to this topic

#1 donnakin

Posted 12 August 2007 - 07:11 PM

Here is my HijackThis log for my advertec laptop computer, which has Windows XP Home Edition on it also.

I have avast antivirus on it and also ran a log, but cannot figure out how to copy a log from it. I also have super adware installed too. Thanks for any help I can get.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:01 PM, on 8/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ynfxnph\Qfrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\irwz\irwzm.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [pyx] C:\WINDOWS\pyx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bmeuzpb] C:\Program Files\Ynfxnph\Qfrv.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [AOLDeskbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Deskbar"
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [irwz] C:\PROGRA~1\COMMON~1\irwz\irwzm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Download...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe

--
End of file - 9339 bytes


#2 donnakin


Posted 12 August 2007 - 08:04 PM

Here is my SUPERAntiSpyware log; not sure if you need it, but here it is.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/12/2007 at 07:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:15:57

Memory items scanned : 472
Memory threats detected : 5
Registry items scanned : 646
Registry threats detected : 139
File items scanned : 8010
File threats detected : 16

Admilli Components
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE

Adware.Avenue Media/Internet Optimizer
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE

Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Donna Carver\cookies\donna carver@ad.yieldmanager[1].txt
C:\Documents and Settings\Donna Carver\cookies\donna carver@mywebsearch[2].txt

BHObj Class BHO
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID

Trojan.Search Variant
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32#ThreadingModel
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\ProgID
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\Programmable
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\TypeLib
HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\VersionIndependentProgID

Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

Adware.180solutions/Search Assistant
C:\TEMP\TRZ250.TMP
C:\TEMP\TRZ251.TMP
C:\WINDOWS\TEMP\_AVAST4_\UNP197998163.TMP
C:\WINDOWS\TEMP\_AVAST4_\UNP209607335.TMP

Edited by donnakin, 12 August 2007 - 08:06 PM.


#3 donnakin


Posted 13 August 2007 - 08:34 AM

Bump, still need some help please.

#4 SifuMike


Posted 22 August 2007 - 09:55 PM

Hello donnakin,

Welcome to the BleepingComputer Forums.
Since it has been a few days, please post a new HijackThis log.
Thank you for your patience.

#5 SifuMike


Posted 29 August 2007 - 09:17 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.