
HiJackThis Log


38 replies to this topic

#1 Lo Fat

Lo Fat

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 30 June 2005 - 04:39 PM

I'm on 56k but every time I connect I only connect at 28800 bps...it happened a few days ago when I was disconnected and then my computer started dialing without me telling it to do so...I restarted it immediately...

Logfile of HijackThis v1.99.1
Scan saved at 4:35:28 PM, on 6/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\YSIGET\YSIGET.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Startup: YSIGet.lnk = C:\Program Files\YSIGet\YSIGet.exe
O8 - Extra context menu item: Search - c:\WINDOWS\PCHEALTH\HELPCTR\System\Search.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:41 PM

Posted 01 July 2005 - 08:21 PM

If you still need help, could you post a fresh log please?

#3 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 01 July 2005 - 11:11 PM

Yes I do...

Logfile of HijackThis v1.99.1
Scan saved at 11:07:45 PM, on 7/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\PROGRAM FILES\YSIGET\YSIGET.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Search - c:\WINDOWS\PCHEALTH\HELPCTR\System\Search.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:41 PM

Posted 02 July 2005 - 09:49 AM

I don't see any dialers in your log. You should set your system to not autodial when requested though...I think these are the directions for your OS, but I have not used ME in a while. If they don't work, let me know.

Then, let's start with the basics.
Please confirm that you have run the following scans or run them now. Save any logs that you generate - we may need them later. Also, please provide me with a description of the problem you are experiencing. Before you ask for help read this.

Anti-spyware

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06. Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.


Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.


Anti-virus

Also, run this pc through the Panda Scan Online virus scanner.
Online Virus Scanners FAQ


Next, please reboot & post a fresh HijackThis log. If you have any problems with one part of this instruction make a note of it and continue onto the next section. Let me know any problems in your next post.

#5 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 03 July 2005 - 01:55 AM

Wow, that took a long time...Panda took 8-9 hours to finish but it did find 4500+ infected files...

Ad-Aware ran perfectly...

A2 ran perfectly...

Spybot stopped scanning at 6874/22000...but it did fix CoolWWWSearch and that was the only thing it found.

Okay...so the problem is that when I connect to the internet I connect at 28800 bps rather than the normal 50667 bps. I can tell there is a difference in the way it dials. It's hard to explain but I know that it's different than normal.

And here's the fresh HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 1:53:05 AM, on 7/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\WUAUBOOT.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Search - c:\WINDOWS\PCHEALTH\HELPCTR\System\Search.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:41 PM

Posted 03 July 2005 - 10:00 AM

I understand what you are saying... I just want to make sure we have cleaned out everything before we tackle the modem issue.

I'd like you to create a new restore point now, so that we don't lose ground if something doesn't go quite right.

Have you looked at your modem properties? It's been ages since I have used dialup, but there is a way to check connection setting. Do you know where to check that? I can research and find the directions if you need it. In fact, you should check all of the properties just to make sure it isn't dialing some where that it isn't supposed to be.

You should remove these two lines with HJT:
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

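The two O15 lines groovicus asks to have removed, and the back-and-forth comparison of fresh logs in this thread, are the kind of thing that can be checked mechanically. The following is an added example, not code from the thread, from HijackThis, or from BleepingComputer: a small Python parser for the HijackThis v1.99 log format that separates the header, the running-process list and the tagged (R0/R1/O3/O4/O15/O16...) entries, pulls out the O15 ProtocolDefaults findings, lists the hosts that O16 ActiveX controls were downloaded from, and diffs two logs. The embedded sample logs are shortened excerpts of the 7/3/2005 normal-mode and safe-mode logs posted above; the function names are my own.

```python
import re

# Shortened excerpts of the 7/3/2005 normal-mode and safe-mode HijackThis
# logs posted in this thread, kept to a few lines each for readability.
LOG_NORMAL = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:53:05 AM, on 7/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
"""

LOG_SAFE_MODE = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:46:22 PM, on 7/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
"""

# HijackThis tags every finding as "R0".."R3" or "O<n>" followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)")


def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and
    tagged entries. Returns {'header': [...], 'processes': [...],
    'entries': [(section, body), ...]} in log order."""
    header, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line.upper())  # Win9x paths are case-insensitive
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def zone_misconfigurations(parsed):
    """The O15 ProtocolDefaults entries in which HijackThis itself reports
    a protocol sitting in the My Computer zone (the finding acted on above)."""
    return [body for sec, body in parsed["entries"]
            if sec == "O15" and "My Computer Zone" in body]


def o16_download_hosts(parsed):
    """Hostnames that O16 (Downloaded Program Files) ActiveX controls came
    from, so the third parties that had code on the machine can be reviewed."""
    hosts = set()
    for sec, body in parsed["entries"]:
        if sec == "O16":
            m = URL_RE.search(body)
            if m:
                hosts.add(m.group(1).lower())
    return hosts


def diff_processes(before, after):
    """(processes only in 'before', processes only in 'after'), both sorted."""
    a, b = set(before["processes"]), set(after["processes"])
    return sorted(a - b), sorted(b - a)


def diff_entries(before, after):
    """(tagged entries only in 'before', tagged entries only in 'after')."""
    a, b = set(before["entries"]), set(after["entries"])
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    normal = parse_hjt(LOG_NORMAL)
    safe = parse_hjt(LOG_SAFE_MODE)
    for issue in zone_misconfigurations(normal):
        print("O15 to fix:", issue)
    print("O16 download hosts:", sorted(o16_download_hosts(normal)))
    gone, new = diff_processes(normal, safe)
    print("Not running in safe mode:", gone)
    gone_e, new_e = diff_entries(normal, safe)
    print("Entries absent from the safe-mode log:", gone_e)
```

Diffing the normal-mode log against the safe-mode one shows what safe mode suppressed (here the AVG resident scanner and RNAAPP, the Win9x dial-up networking helper) without reading the lists by hand, and `zone_misconfigurations` returns exactly the two O15 lines named in the post above. The parser only relies on the `Rn - ` / `On - ` prefix convention and the "Running processes:" block, so it copes with the truncated URLs (`...`) the forum software introduced.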
#7 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 03 July 2005 - 01:37 PM

I tried creating a System Restore point, but it says I need to have 200 MB to make System Restore active, even though I have 7 GB of free space...

I took a look at the modem properties in the control panel, and everything seems to be right...

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:41 PM

Posted 03 July 2005 - 01:58 PM

Ok, boot into safe mode, generate a HJT log, then reboot, and post that log. Sometimes a log in safe mode will show us things it won't in normal mode.

#9 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 03 July 2005 - 03:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:46:22 PM, on 7/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Search - c:\WINDOWS\PCHEALTH\HELPCTR\System\Search.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C4A8A4DA-BD3F-4DEB-9BBB-5B6BD3571EC7} (CDKeyCtl Class) - http://www.cdkey-promotions.com/download/CDKey.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:41 PM

Posted 04 July 2005 - 11:03 AM

I don't see anything in your log at all. I know that nagging feeling that something just isn't quite right though. The last thing I can suggest is to run Adaware SE, and let me see the log from it. If that doesn't show anything, then I would be inclined to think that it is a system setting that is screwy.

#11 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 04 July 2005 - 11:18 PM

I ran it completely, but it froze at the quarantine when it was done....

Ad-Aware SE Build 1.05
Logfile Created on:Monday, July 04, 2005 10:16:20 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):4 total references
ClickSpring(TAC index:6):4 total references
CoolWebSearch(TAC index:10):14 total references
DealHelper(TAC index:7):16 total references
DyFuCA(TAC index:3):10 total references
eAcceleration(TAC index:7):1 total references
IBIS Toolbar(TAC index:5):13 total references
istbar(TAC index:7):26 total references
MediaMotor(TAC index:8):5 total references
MemoryMeter(TAC index:5):3 total references
MRU List(TAC index:0):28 total references
MSView(TAC index:10):2 total references
Possible Browser Hijack attempt(TAC index:3):65 total references
Powerscan(TAC index:5):8 total references
SahAgent(TAC index:9):28 total references
SideFind(TAC index:5):22 total references
Tracking Cookie(TAC index:3):43 total references
Win32.Delf.Trojan.A(TAC index:8):2 total references
Windows(TAC index:3):1 total references
WindUpdates(TAC index:8):15 total references
YourSiteBar(TAC index:6):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-4-2005 10:16:20 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291784563
Threads : 6
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294911111
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294934835
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294946843
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:5 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294963939
Threads : 22
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:6 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294791271
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:7 [REALSCHED.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294779999
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:8 [WINAMPA.EXE]
FilePath : C:\PROGRAM FILES\WINAMP\
ProcessID : 4294785847
Threads : 1
Priority : Normal


#:9 [AVGCTRL.EXE]
FilePath : C:\PROGRAM FILES\AVPERSONAL\
ProcessID : 4294825419
Threads : 3
Priority : Normal


#:10 [A2GUARD.EXE]
FilePath : C:\PROGRAM FILES\A2\
ProcessID : 4294712543
Threads : 10
Priority : Normal


#:11 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294740951
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:12 [TEATIMER.EXE]
FilePath : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\
ProcessID : 4294667511
Threads : 3
Priority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. All rights reserved.
LegalTrademarks : "Spybot" and "Spybot - Search & Destroy" are registered trademarks.
OriginalFilename : TeaTimer.exe
Comments : Protects system settings against unwanted changes.

#:13 [GETRIGHT.EXE]
FilePath : C:\PROGRAM FILES\GETRIGHT\
ProcessID : 4294602099
Threads : 2
Priority : Normal
FileVersion : 5.1
ProductVersion : 5.1
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 1997-2004 Headlight Software, Inc.
LegalTrademarks : "GetRight" and the GetRight "arrows around a globe" logo are registered trademarks of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

#:14 [GETRIGHT.EXE]
FilePath : C:\PROGRAM FILES\GETRIGHT\
ProcessID : 4294638115
Threads : 1
Priority : Normal
FileVersion : 5.1
ProductVersion : 5.1
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 1997-2004 Headlight Software, Inc.
LegalTrademarks : "GetRight" and the GetRight "arrows around a globe" logo are registered trademarks of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

#:15 [YMSGR_TRAY.EXE]
FilePath : C:\PROGRAM FILES\YAHOO!\MESSENGER\
ProcessID : 4294589427
Threads : 1
Priority : Normal


#:16 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294659907
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dhp.popup.1

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dhp.popup.1
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{842c48f3-9928-4617-be20-2cb6039aaf46}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj.1

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj.1
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0ce16cb-741c-4b24-8d04-a817856e07f4}

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iobjsafety.democtl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iobjsafety.democtl
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : InstallDate

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : config

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : NeverISTsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : referer

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : UUID

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : PID

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : KeyExistNai

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : EulaDate

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : EulaStatus

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstallLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundlePackage

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsServer

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : iniName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsXML

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CookieUserAgent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BrowserType

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleProgress

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CountKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : GUID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CountStart

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CountCab

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : webautosearch

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : account_id

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : InstallDate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser
Value : {86227D9C-0EFE-4f8a-AA55-30386A3F5686}

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\powerscan
Value : account_id

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "gUpdate"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : gUpdate

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Windows Object Recognized!
Type : RegData
Data : "regedit.exe" "%1"
Category : Vulnerability
Comment : Possible virus infection, REG file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : "regedit.exe" "%1"

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 88
Objects found so far: 88


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : InstallDate

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : InstallLocation

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : InstallSource

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : DisplayVersion

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : VersionMajor

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : VersionMinor

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : URLUpdateInfo

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync "http://www.dealhelper.com/"
Category : Vulnerability
Comment : (http://www.dealhelper.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Vulnerability
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Vulnerability
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Vulnerability
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Vulnerability
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Vulnerability
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : HelpLink
Possible Browser Hijack attempt : {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D}
Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 110


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@goclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@goclick.com/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@sextracker[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@sextracker.com/
Expires : 7-1-2005 3:37:42 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@counter12.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@counter12.sextracker.com/
Expires : 6-29-2005 8:13:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@centrport.net/
Expires : 12-31-2029 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@qksrv.net/
Expires : 6-26-2010 4:48:30 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[3].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:default@zedo.com/
Expires : 6-26-2015 2:05:54 AM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@real[3].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:default@real.com/
Expires : 11-21-2005 9:35:56 AM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@servedby.advertising.com/
Expires : 7-29-2005 8:08:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[2].txt
Category : Data Miner
Comment : Hits:46
Value : Cookie:default@mediaplex.com/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment : Hits:87
Value : Cookie:default@2o7.net/
Expires : 6-29-2010 7:28:00 AM
LastSync : Hits:87
UseCount : 0
Hits : 87

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@counter9.sextracker[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@counter9.sextracker.com/
Expires : 6-30-2005 8:37:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@sexlist[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@sexlist.com/
Expires : 6-30-2006 4:38:10 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@statcounter[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@statcounter.com/
Expires : 6-27-2010 12:00:58 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[3].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:default@atdmt.com/
Expires : 6-26-2010 7:00:00 PM
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@maxserving[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@maxserving.com/
Expires : 6-27-2015 8:25:54 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@targetnet[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@targetnet.com/
Expires : 5-17-2033 10:33:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@valueclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@valueclick.net/
Expires : 6-23-2030 8:06:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mv.valueclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@mv.valueclick.net/
Expires : 12-26-2005 8:11:32 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@apmebf.com/
Expires : 6-26-2010 4:48:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@xxxcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@xxxcounter.com/
Expires : 6-30-2005 2:49:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@casalemedia.com/
Expires : 6-20-2006 9:59:34 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bravenet[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@bravenet.com/
Expires : 6-28-2015 8:53:16 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-foxsports.hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@ehg-foxsports.hitbox.com/
Expires : 6-30-2006 3:25:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:default@cs.sexcounter.com/
Expires : 5-12-2024 1:07:28 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ads.addynamix[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@ads.addynamix.com/
Expires : 7-1-2005 4:50:34 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@trafficmp[3].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:default@trafficmp.com/
Expires : 6-29-2006 8:14:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[2].txt
Ca
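
Added example, not code from the thread or from Ad-Aware: a small Python parser for the "Tracking Cookie Object Recognized!" entries in the format posted above, which tallies hits per cookie domain and flags cookies with very long expiry. The sample log below is constructed for the example (a few entries copied in the same format, plus one deliberately truncated entry like the last one in the post); the 2005-07-05 reference date is assumed from the post date, and the domain collapsing is a simple last-two-labels heuristic.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the Ad-Aware entries above (not the full log).
# The last entry is cut off on purpose, as the posted log is, to show the parser tolerating it.
SAMPLE_LOG = """\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[2].txt
Category : Data Miner
Comment : Hits:46
Value : Cookie:default@mediaplex.com/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment : Hits:87
Value : Cookie:default@2o7.net/
Expires : 6-29-2010 7:28:00 AM
LastSync : Hits:87
UseCount : 0
Hits : 87

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@targetnet[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@targetnet.com/
Expires : 5-17-2033 10:33:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[2].txt
Ca
"""

ENTRY_HEADER = "Tracking Cookie Object Recognized!"
FIELD_RE = re.compile(r"^(\w+)\s*:\s*(.*)$")      # "Key : value" lines
EXPIRES_FMT = "%m-%d-%Y %I:%M:%S %p"              # e.g. "6-21-2009 7:00:00 PM"
DEFAULT_AS_OF = datetime(2005, 7, 5)              # assumed: the date the log was posted


def parse_entries(text):
    """Return one dict of fields per entry; a truncated entry keeps whatever fields it has."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == ENTRY_HEADER:
            current = {}
            entries.append(current)
            continue
        if current is None or not line:
            continue
        m = FIELD_RE.match(line)
        if m:                                     # lines like the cut-off "Ca" are ignored
            current[m.group(1)] = m.group(2).strip()
    return entries


def cookie_domain(value):
    """'Cookie:default@cs.sexcounter.com/' -> 'sexcounter.com'.
    Heuristic: keep the last two labels; wrong for ccTLD forms such as example.co.uk."""
    host = value.split("@", 1)[-1].split("/", 1)[0].strip().lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def summarize(entries, as_of=None, long_lived_years=5):
    """Tally hits per domain and list cookies expiring >= long_lived_years after as_of."""
    as_of = as_of or DEFAULT_AS_OF
    threshold = as_of.replace(year=as_of.year + long_lived_years)
    hits_by_domain, long_lived, incomplete = Counter(), [], 0
    for e in entries:
        if "Value" not in e:                      # truncated or malformed entry
            incomplete += 1
            continue
        domain = cookie_domain(e["Value"])
        try:
            hits_by_domain[domain] += int(e.get("Hits", "0"))
        except ValueError:
            pass
        try:
            expires = datetime.strptime(e["Expires"], EXPIRES_FMT)
        except (KeyError, ValueError):
            continue
        if expires >= threshold:
            long_lived.append((domain, expires.date().isoformat()))
    return {"total": len(entries), "incomplete": incomplete,
            "hits_by_domain": hits_by_domain, "long_lived": long_lived}


if __name__ == "__main__":
    report = summarize(parse_entries(SAMPLE_LOG))
    print(f"{report['total']} entries ({report['incomplete']} incomplete)")
    for domain, hits in report["hits_by_domain"].most_common():
        print(f"{hits:5d}  {domain}")
    for domain, exp in report["long_lived"]:
        print(f"long-lived: {domain} expires {exp}")
```

Run it against a saved Ad-Aware log by replacing SAMPLE_LOG with the file's contents; the per-domain totals show at a glance which ad networks dominate a log this size, and the long-lived list points out cookies set to outlive the machine.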

#12 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts

Posted 05 July 2005 - 04:25 PM

Oops, guess it was a little too long for one post...

Here's the .txt file...
http://s23.yousendit.com/d.aspx?id=2Q1MXHD...EP0KFMOL58HSFKZ

#13 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 05 July 2005 - 05:03 PM

Holy carp!! That's a mighty large log. :thumbsup:

Run Adaware again, and see how much is left. All it takes is one piece of malware to choke your connection, and judging by the size of that log, it's quite possible that there are still bits on your system.

Make sure to disable Tea Timer first, otherwise it will block Adaware from fixing anything. If you had it running last time, I would bet that you still have a bunch of garbage on there. Then let me see the new Adaware log.

#14 Lo Fat

Lo Fat
  • Topic Starter

  • Members
  • 23 posts

Posted 05 July 2005 - 06:51 PM

Well, I disabled TeaTimer, but it still froze... I get stuck right here...
http://s5.yousendit.com/d.aspx?id=28A8MIU0EKHIG3Q812L47XERN3

Edit: forgot the log...
http://s4.yousendit.com/d.aspx?id=2I16AVQ7O4PZ50PJWN40Y7NPX1

Edited by Lo Fat, 05 July 2005 - 07:09 PM.


#15 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 05 July 2005 - 08:08 PM

What I am guessing is probably happening is that there is so much garbage in your system that it is choking. I just had a thought though. I have had systems that have had so much malware on them that when it got to the quarantine stage, it took nearly an hour to complete. I had to walk away and leave it. I have also had applications like PandaScan take 12 hours to complete on really infected systems. I have had others claim it has taken nearly 24 hours. If you have not tried running it in safe mode, run it again, and just let it go over night. The other alternatives are to try Spybot, or A-Squared, or Ewido, but all of them are going to take a long time.