
Adware, And I'm In Trouble, Appreciate Some Help


17 replies to this topic

#1 Hasbeans

Hasbeans


Posted 20 November 2005 - 01:15 AM

Appreciate some help.
New to computers / internet. It has taken some time to ask for help from BC but I'm here now and ready.

The problem that we have is that somehow we have adware in the system. I have, as advised in BC forums, downloaded Search and Destroy, adware, Microsoft AntiSpyware beta, and as a beginner purchased spydoctor, which I realised was a Google advert in BC and not your product.

The adware has installed icons on the desktop, e.g. casino, find a date, ring tones, etc. It has also in the favourites section of Internet Explorer put cool stuff, travel, shopping, online gaming, all of which I cannot delete.

I'm a bit upset with this; when the two youngsters use the internet for homework some nasty type ads keep coming up. (They're not ready for that type of stuff yet.)

I have run a HijackThis log. I hope it has all the info. I am working long hours at the moment and will try to log on each evening to check for instructions.

Logfile of HijackThis v1.99.1
Scan saved at 4:47:36 PM, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yraoupmvdziqbfpft.com/5Us9xY37YLkou...qmOY2nRZsz.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SDTaskbar] C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1\pop ball comp.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: St.George Internet Banking - https://ibank.stgeorge.com.au/html/bbb11s.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe




When this is all sorted would appreciate some advice on protection.

Regards
Peter.



#2 -David-

-David-


Posted 20 November 2005 - 06:30 AM

Hi and :thumbsup: to BleepingComputer! :flowers:

My name is David

You have what is known as a LOP infection! :trumpet:

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :inlove:

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck.
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :cool:
David
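
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the thread and not the helper's method. The three heuristics (orphaned entries, components loaded from a user's Application Data folder, a BHO that is an `.exe`) and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions of this example; the sample lines are copied from the log in post #1.

```python
import re
from collections import namedtuple

# Sample input: a subset of entry lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1\pop ball comp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Reasons reported by triage(); the wording is this example's own.
ORPHAN = "registry entry points at a missing file"
PROFILE = "loaded from a user's Application Data folder"
BHO_EXE = "BHO target is an .exe, not an in-process DLL"

Finding = namedtuple("Finding", "code reason target")

# HijackThis entry lines look like "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Per-user Application Data, in long form or 8.3 short form (DOCUME~1\<user>\APPLIC~1).
PROFILE_RE = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+\\(application data|applic~\d)\\",
    re.IGNORECASE,
)


def target_of(code, body):
    """Return the file or command an entry points at."""
    if code == "O4":
        # "HKCU\..\Run: [Name] command line"
        return body.split("] ", 1)[1] if "] " in body else body
    if code in ("O2", "O3", "O9", "O23"):
        # "Kind: name - {CLSID or vendor} - path"
        return body.rsplit(" - ", 1)[-1]
    return body


def triage(log_text):
    """Flag entries worth a closer look; a flag is a lead, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, running-process list, blank lines
        code = match.group("code")
        target = target_of(code, match.group("body"))
        lowered = target.lower()

        if lowered == "(no file)" or lowered.endswith("(file missing)"):
            findings.append(Finding(code, ORPHAN, target))
            continue
        if code in ("O2", "O4") and PROFILE_RE.search(target):
            findings.append(Finding(code, PROFILE, target))
        if code == "O2" and lowered.rstrip('"').endswith(".exe"):
            findings.append(Finding(code, BHO_EXE, target))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:>3}  {finding.reason}\n     {finding.target}")
```

Entries installed under `C:\Program Files` or `C:\WINDOWS` pass these checks untouched, so the output narrows a log down for review rather than classifying it.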

#3 Hasbeans

Hasbeans
  • Topic Starter


Posted 22 November 2005 - 03:54 AM


Thanks David for the quick reply.
At least you can have a bit of a laugh, helping a poor Aussie after we lost the Ashes. :)

I have done everything you instructed; the ewido download went smoothly and it ran OK. It took a bit of time to complete. A lot of activity on the log?

The HJT log is next with the ewido log last

Logfile of HijackThis v1.99.1
Scan saved at 6:53:46 PM, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yraoupmvdziqbfpft.com/5Us9xY37YLkou...qmOY2nRZsz.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SDTaskbar] C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1\pop ball comp.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: St.George Internet Banking - https://ibank.stgeorge.com.au/html/bbb11s.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

ewido log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:51:00 PM, 22/11/2005
+ Report-Checksum: A68EBCD

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@counter6.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\EMMA\Cookies\emma@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\3UJAJBIS\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@66.220.17[2].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfk4ggazeaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfk4qjcpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfkikjdjego.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfkiwiazeap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfkoogc5iko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfkospcpeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfkowpcjmeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfl4qndpsco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfl4sjajohp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wfliagc5gep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjk4apcjaao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjkyoicpkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjl4epd5wdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjl4qjajggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjloamcpcdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlocmdzifq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlogldpkho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlowkd5ckp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlowkd5kfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlycoc5aho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlyemc5obq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjlygjazchq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjmioidzmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjmisgazsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjmycgczsap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@e-2dj6wjmywgd5mep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\GAIL\Cookies\gail@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@66.220.17[2].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@counter6.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@e-2dj6wjl4chcpaeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\PATRICK\Cookies\patrick@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\PATRICK\Local Settings\Temporary Internet Files\Content.IE5\3PTIATFP\block-checker-xp[1].exe/2 -> Spyware.Chiem : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@66.220.17[3].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@counter6.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wfk4qjcpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wfkoojdpmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wfliakcjakq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wfloqkdzefq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wgkiwgc5ofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wgkysiazclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjl4anc5ofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjloclczago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjloendzcko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjmiwgdpobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjmyclajekq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@e-2dj6wjmywkczmdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@imgserv.adbutler[2].txt -> Spyware.Cookie.Adbutler : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@ws.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\PETER\Cookies\peter@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup

Will check in tomorrow night for further instructions, that is if you have the time.

Regards
Peter

#4 -David-


Posted 22 November 2005 - 11:51 AM

Download and unzip to one folder: (create a folder for all the files - example : C:\lop and extract the files from the archive into that folder)
http://metallica.geekstogo.com/findlop.zip

Inside the folder locate findlop.bat

Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.

Thanks

David

#5 Hasbeans


Posted 22 November 2005 - 03:35 PM

David, as requested

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AA8B53E69184C82E.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\patrick\applic~1\longba~1\WAIT HECK INSIDE.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'PATRICK'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/22/2005 16:00:00
NextRun: 11/23/2005 8:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/07/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AC67B79191842A81.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\emma\applic~1\longba~1\WAIT HECK INSIDE.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'EMMA'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/22/2005 17:00:00
NextRun: 11/23/2005 8:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/05/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AF37C84391847A47.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\gail\applic~1\longba~1\WAIT HECK INSIDE.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'GAIL'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/20/2005 21:00:00
NextRun: 11/23/2005 8:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/15/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'B124715691ABE14E.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\peter\applic~1\longba~1\WAIT HECK INSIDE.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'PETER'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/22/2005 20:00:00
NextRun: 11/23/2005 8:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/27/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

#6 -David-


Posted 22 November 2005 - 03:46 PM

Download killbox from here:

KillBox

Unzip the folder to your desktop.

1. Start Killbox.exe
2. Select the Delete on Reboot option.
3. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

c:\docume~1\patrick\applic~1\longba~1\WAIT HECK INSIDE.exe
c:\docume~1\emma\applic~1\longba~1\WAIT HECK INSIDE.exe
c:\docume~1\gail\applic~1\longba~1\WAIT HECK INSIDE.exe
c:\docume~1\peter\applic~1\longba~1\WAIT HECK INSIDE.exe


4. Go to the File menu of Killbox, and choose Paste from Clipboard.
5. Click the Delete File button that is a red-and-white X. When asked if you want to delete these files say Yes. When asked if you want to reboot now, say No.
6. Exit Killbox.
______________

Reboot and post new HJT log
David
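
The by-eye triage of the findlop output from post #5 (picking out each job's ApplicationName), written as a script. This is an added example, not part of the thread and not code from findlop; the three heuristics, the `os_release` default (Windows XP's release date) and the second, benign job in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first job is trimmed from the dump in post #5,
# the second ('ExampleBackup.job') is an invented benign job for contrast.
SAMPLE = r"""[TRACE] Activating job 'AA8B53E69184C82E.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\patrick\applic~1\longba~1\WAIT HECK INSIDE.exe'
Creator: 'PATRICK'
MostRecentRun: 11/22/2005 16:00:00
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1

Trigger 0:
Type: Daily
StartDate: 02/07/1998
MinutesInterval: 60

[TRACE] Activating job 'ExampleBackup.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\program files\example\backup.exe'
Creator: 'PETER'
MostRecentRun: 11/21/2005 02:00:00
ScheduledWorkItem Flags:
Hidden = 0

Trigger 0:
Type: Daily
StartDate: 10/01/2005
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(.+)'$")
KV_RE = re.compile(r"^(\w+)\s*[:=]\s*(.*)$")   # 'Key: value' and 'Key = value'

# Per-user locations where an installed scheduled program is unusual (assumption).
PROFILE_DIRS = ("\\applic~1\\", "\\application data\\", "\\local settings\\temp\\")


def parse_jobs(text):
    """Split the dump into one dict per job; the first value seen for a key wins."""
    jobs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        start = JOB_RE.match(line)
        if start:
            current = {"job": start.group(1)}
            jobs.append(current)
            continue
        kv = KV_RE.match(line)
        if current is not None and kv:
            current.setdefault(kv.group(1), kv.group(2).strip("'"))
    return jobs


def reasons(job, os_release=datetime(2001, 10, 25)):
    """Return the heuristics a job trips; none of them is proof on its own."""
    found = []
    path = job.get("ApplicationName", "").lower()
    if job.get("Hidden") == "1":
        found.append("hidden")
    if any(part in path for part in PROFILE_DIRS):
        found.append("runs-from-user-profile")
    try:
        # Dates in the dump are MM/DD/YYYY (e.g. 06/15/1997).
        if datetime.strptime(job.get("StartDate", ""), "%m/%d/%Y") < os_release:
            found.append("start-date-predates-os")
    except ValueError:
        pass  # missing or placeholder date such as 00/00/0000
    return found


def triage(text, threshold=2):
    """List (job file, program path, reasons) for jobs tripping >= threshold checks."""
    hits = []
    for job in parse_jobs(text):
        why = reasons(job)
        if len(why) >= threshold:
            hits.append((job["job"], job.get("ApplicationName", ""), why))
    return hits


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name}: {path} [{', '.join(why)}]")
```
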

#7 Hasbeans


Posted 23 November 2005 - 01:42 AM

David,
I am still keeping up and appreciate the help. Everything requested with Killbox worked. Rebooted computer and here is the new HJT.

I will get up early EST Australian time as I noticed you have been active in your evening.

Logfile of HijackThis v1.99.1
Scan saved at 5:35:07 PM, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yraoupmvdziqbfpft.com/5Us9xY37YLkou...qmOY2nRZsz.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SDTaskbar] C:\Program Files\Screendragon VS4\VS4 Taskbar.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1\pop ball comp.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: St.George Internet Banking - https://ibank.stgeorge.com.au/html/bbb11s.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#8 -David-


Posted 23 November 2005 - 12:20 PM

Hmm, it's still there, this will show it all up though:
Click Here to do a Panda online scan
  • If it asks you to install ActiveX controls, click Yes
  • If a box comes up telling you to install the program, also click Yes
  • Make sure you tick Disinfect automatically under Scan Options
  • Complete the scan and post the log that you can save afterwards in the same way you did the HJT log.
  • It is normal for it to take a reasonable time to complete
David

#9 Hasbeans


Posted 23 November 2005 - 03:00 PM

David,
Had a bit of trouble with this one.
Downloaded and ran ActiveScan. I could not find scan options, or select disinfect automatically.
The scan ran but in the log there was nothing disinfected. I must be doing something wrong.

Here is the log

Incident Status Location

Adware:Adware/Lop Not desinfected c:\docume~1\peter\applic~1\longba~1\popbal~1.exe
Adware:adware/block-checker Not desinfected Windows Registry
Possible Virus. Not desinfected C:\!KillBox\WAIT HECK INSIDE.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\01 Bits.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Axis shim.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\bib thunk.exe
Possible Virus. Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Bikesurf.exe
Possible Virus. Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Blue Defy.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Boobteam.exe
Possible Virus. Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\browse wave.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\City chic.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\creative warn.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Curb Extra.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\DATE BLEH.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Deaf pop.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\DefaultPing.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Dent More.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\DOWNLOAD MAPI.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\DumbGlobal.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\EggsCoal.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Enc wave.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\FIRST MESS.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\ford drv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\funk size.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Global Safe.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\gluedraw.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\IsoSixth.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\List Dent.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\media axis.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Metaiso.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\MpegSend.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\RDR KIND.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Remote Vga.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\stop scr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Stupid Thunk.exe
Possible Virus. Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\surfaxis.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Test 2.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Test Load.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\THATSUPPORT.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam\Trans save.exe
Possible Virus. Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\bleh sixth obj great.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\ckmshtnp.exe
Possible Virus. Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\epotacps.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\gisacwxf.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\irxlyqop.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\jctbzvhm.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\klwpwcos.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\llqoejns.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\pop ball comp.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\pyljamwv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\qlwbqbfh.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\qmbupiwj.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\rcitunna.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\tivpucgx.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\txelimxx.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\ukfxsvvm.exe
Possible Virus. Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\uwqqmszs.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\ybywopgi.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS\zcxrnkpu.exe
Possible Virus. Not desinfected C:\Documents and Settings\EMMA\Application Data\Skip creative heart\Setup ford.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\2954a.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\2bf552.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\ae52ca69.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\ae52ca7e.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\ae557153.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\atonbqhc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\btxqyebe.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\dbdvuxub.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\dtdxizgs.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\jozlaxki.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\ktxazhhj.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\oeuyhkyu.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\omlghkbv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\pcuhchad.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\poqlzjcf.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\sgfbxsjf.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\sta3.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\sta4.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\EMMA\Local Settings\Temp\tlhsxhyz.exe

#10 -David-

Posted 23 November 2005 - 03:20 PM

Make sure that you can see hidden files (Windows XP).
  • Click "Start".
  • Click "My Computer".
  • Select the "Tools" menu and click "Folder Options".
  • Select the "View" tab.
  • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Click "Yes" to confirm.
  • Uncheck the "Hide file extensions for known file types".
  • Click "OK".

Print these instructions off

Boot to safe mode

Find and manually delete these folders:

C:\Documents and Settings\All Users\Application Data\Acid Platform Bike Spam
C:\Documents and Settings\EMMA\Application Data\LONGBARBEGGS
C:\Documents and Settings\EMMA\Application Data\Skip creative heart
C:\Documents and Settings\GAIL\Application Data\LONGBARBEGGS
C:\Documents and Settings\GAIL\Application Data\Skip creative heart
C:\Documents and Settings\PATRICK\Application Data\LONGBARBEGGS
C:\Documents and Settings\PETER\Application Data\LONGBARBEGGS

Boot back to normal mode

Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.
Run Panda again and post the log with a HJT log

David

#11 Hasbeans

Posted 24 November 2005 - 02:45 AM

David,
The computer is starting to look and run like the one we purchased.

All files deleted as directed in safe mode. In Peter's and Patrick's application folders there was Skip creative heart; I also deleted these as they were the same as the others.
Download of CleanUp complete, a lot of temp files deleted. All except 2. As you will see in the Panda log it looks like the adware was one.
You are obviously getting close to the kill.

PANDA LOG

Incident Status Location

Adware:adware/block-checker Not desinfected Windows Registry
Possible Virus. Not desinfected C:\!KillBox\WAIT HECK INSIDE.exe

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 6:40:41 PM, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


#12 -David-

Posted 24 November 2005 - 01:31 PM

Find and delete this folder in safe mode:

C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1

Fix this with HijackThis

O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1

Boot back to normal mode and post new panda log

David

#13 Hasbeans

Posted 24 November 2005 - 03:07 PM

David,

Rebooted in safe mode after checking show hidden files was selected.
Could not find Longbarbeggs in Peter or any other users folder.

Deleted using HJT the 04HKCU...

Ran Panda and HJT and here are the logs

Panda

Incident Status Location

Adware:adware/block-checker Not desinfected Windows Registry
Adware:Adware/Lop Not desinfected C:\!KillBox\WAIT HECK INSIDE.exe

Logfile of HijackThis v1.99.1
Scan saved at 7:05:10 AM, on 25/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


#14 -David-

Posted 24 November 2005 - 04:35 PM

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yraoupmvdziqbfpft.com/5Us9xY37YLkou...qmOY2nRZsz.html
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Download Blockrem from http://www.atribune.org/downloads/blockrem.zip

-Unzip it to its own folder on your desktop.
-Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu.
-From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
-Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
-Once it is running please follow the onscreen instructions.
-Reboot and post a HijackThis log.

David

Edited by D-Trojanator, 24 November 2005 - 04:36 PM.
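
The kinds of entries singled out for fixing in this thread (a BHO registered with no file, an autostart or BHO loading from a user profile folder, an IE search bar pointed at a URL) can be pre-sorted for a human reviewer with a small parser. This is an added example, not part of the original posts and not HijackThis's own logic: the rules and the names `triage_line` and `triage_log` are assumptions, and the sample lines follow entries posted in this thread except the R1 URL, which is a constructed placeholder.

```python
import re
from typing import List, NamedTuple, Optional

# One HijackThis entry: a section code (R0, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

# User-writable profile folders, in long form and in 8.3 short form
# (e.g. APPLIC~1 for "Application Data"). Assumed rule, for illustration.
PROFILE_RE = re.compile(
    r"\\(?:Application Data|APPLIC~\d|Local Settings\\Temp|LOCALS~\d\\Temp)\\",
    re.IGNORECASE,
)

# R1 entry that sets the Internet Explorer search bar to a web address.
SEARCH_BAR_RE = re.compile(r",Search Bar = https?://", re.IGNORECASE)


class Finding(NamedTuple):
    code: str    # HijackThis section code
    reason: str  # why the line was marked for review
    line: str    # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line deserves a human look, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m is None:
        return None  # header, running-process path or blank line
    code, body = m.group("code"), m.group("body")
    if code == "O2" and body.endswith("(no file)"):
        return Finding(code, "BHO registered with no file", line)
    if code in ("O2", "O4", "O23") and PROFILE_RE.search(body):
        return Finding(code, "loads from a user profile folder", line)
    if code == "R1" and SEARCH_BAR_RE.search(body):
        return Finding(code, "IE search bar points at a URL", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole pasted log, keeping log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Sample input in the HijackThis v1.99.1 line format used in this thread.
# The R1 URL is a constructed placeholder.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {BF6E5055-D847-893A-9889-576762649B50} - C:\Documents and Settings\PATRICK\Application Data\Skip creative heart\Setup ford.exe (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Browse Seek] C:\DOCUME~1\PETER\APPLIC~1\LONGBA~1\pop ball comp.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
```

A match only means the line is worth reviewing; legitimate software also installs under profile folders, so the decision to fix an entry stays with the person reading the log.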


#15 Hasbeans

Posted 25 November 2005 - 02:28 AM

David,
All instructions carried out, and here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:21:00 PM, on 25/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



