
Need Help With Removing Home Search Assistant



#1 burdel


Posted 16 December 2005 - 01:53 PM

I would appreciate any help in removing this hijack program Home Search Assistant. This is my HijackThis log.

Thanks



Logfile of HijackThis v1.99.1
Scan saved at 12:28:13 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\netlf.exe
C:\WINDOWS\ntpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Search\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Class - {9B3F0CB4-2255-5C21-D453-28516A995A1D} - C:\WINDOWS\crpt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [netlf.exe] C:\WINDOWS\system32\netlf.exe
O4 - HKLM\..\RunOnce: [ntpl.exe] C:\WINDOWS\ntpl.exe
O4 - HKLM\..\RunOnce: [appix32.exe] C:\WINDOWS\appix32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124379259906
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


#2 MFDnSC

    Ret. Director I/T

Posted 17 December 2005 - 05:14 PM

Download http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Close all browser windows, unzip the file, click on cwshredder.exe, then click "Fix".


Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 burdel


Posted 18 December 2005 - 07:37 AM

Thank you for your response!! Here are the two logs that I ran.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:27 AM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Search\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124379259906
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


ewido security suite - Scan report


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:26:52 AM, 12/18/2005
+ Report-Checksum: 2861B625

+ Scan result:

C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@excite[1].txt -> Spyware.Cookie.Excite : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Cookies\bobby valentino@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Local Settings\Temp\101.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Local Settings\Temp\101.tmp.exe -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Bobby Valentino\Local Settings\Temp\102.tmp -> Trojan.Small.ga : Cleaned with backup
C:\MY DOCUMENTS AND PICTURES\Bobby's Documents\DL Haunt.exe/hauntpc.exe -> Not-A-Virus.Joke.Hauntpc : Cleaned with backup


::Report End
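
Added example (not part of the original posts): a before/after comparison of HijackThis entry lines, using a few lines excerpted from the two logs posted above. It lists what the cleanup removed and attaches triage hints; the hint names and rules are assumptions chosen to match patterns visible in this thread, not verdicts produced by HijackThis.

```python
import re

# Entry lines excerpted from the two HijackThis logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ftotk.dll/sp.html#17702%everything4find.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9B3F0CB4-2255-5C21-D453-28516A995A1D} - C:\WINDOWS\crpt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [netlf.exe] C:\WINDOWS\system32\netlf.exe
O4 - HKLM\..\RunOnce: [ntpl.exe] C:\WINDOWS\ntpl.exe
"""

AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# "R1 - ...", "O4 - ...", "O20 - ...": section code, then the entry detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# IE page setting that loads HTML out of a DLL on the local disk.
RES_DLL = re.compile(r"res://.*?\.dll/", re.I)
# Binary sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no subfolder).
WIN_ROOT = re.compile(r'C:\\WINDOWS\\(?:system32\\)?[^\\"]+\.(?:exe|dll)\b', re.I)
# Registry entry whose target file is gone.
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)


def parse_hjt(text):
    """Return (section, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flags_for(section, detail):
    """Triage hints only (assumed rules): a hint means 'look closer', not 'malicious'."""
    flags = []
    if section.startswith("R") and RES_DLL.search(detail):
        flags.append("ie-page-from-local-dll")
    if section in ("O2", "O4") and WIN_ROOT.search(detail):
        flags.append("binary-in-windows-dir")
    if ORPHAN.search(detail):
        flags.append("orphaned-entry")
    return flags


def compare(before_text, after_text):
    """Split entries into removed / kept / added between two scans."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    key = lambda e: (e[0], e[1].casefold())  # paths differ in case between scans
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    return {
        "removed": [e for e in before if key(e) not in after_keys],
        "kept": [e for e in before if key(e) in after_keys],
        "added": [e for e in after if key(e) not in before_keys],
    }


def render(result):
    """One line per entry: status, section, hints, detail."""
    lines = []
    for status in ("removed", "kept", "added"):
        for section, detail in result[status]:
            hints = ", ".join(flags_for(section, detail)) or "-"
            lines.append(f"{status:8} {section:4} [{hints}] {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(compare(BEFORE, AFTER)))
```

An entry with no hint is not cleared by this: the kept `about:blank` line carries none, so every kept or added entry still needs a human reviewer.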

#4 MFDnSC


Posted 18 December 2005 - 11:45 AM

Fix these with HJT: mark them, close IE, click Fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

==========

Get all of these and/or verify you have the current versions

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates, and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

===============

Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons - I do not recommend using the Duplicates files button, as many dupes are there on purpose.
Not all tmp files will delete; that is normal.

In the unnecessary button I check the top 4 entries
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 burdel


Posted 18 December 2005 - 12:28 PM

I want to thank you for all of your valuable time and help!!! My computer is clean now. I also have to do my brother's computer now. I have some experience with this now and should be able to clean his. The hard part is identifying the infected files.

Again THANK YOU very much!!!!!!

#6 MFDnSC


Posted 18 December 2005 - 12:33 PM

Be very careful - using HJT and not knowing what you are doing can cripple the system.

If you'd like, you can post his log here - just make sure you note it is a different system.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 burdel


Posted 18 December 2005 - 01:40 PM

Ok will do.

Thank you



