
Winfixer Browser Pop Ups Help Needed



#1 Larry Naramore


Posted 14 January 2006 - 10:52 PM

Needless to say this is driving me nutso! :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 7:39:39 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevehoffman.tv/forums/search.php?do=getnew
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eScrip Shopping - file://C:\Program Files\Escrip_Shopping\Sy5400\Tp5400\scri5400a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Schoolpop - {B46F2A6A-3216-461c-BEEA-FBE442469812} - file://C:\Program Files\SchoolpopShoppingBuddy\System\Temp\schoolpop_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {D0887919-FB2E-4530-85B2-B7E1D571CE28} - file://C:\Program Files\Schoolpop_ShoppingBuddy\Sy950\Tp950\scri950a.htm (file missing) (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093229048234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...672/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



#2 didom


Posted 15 January 2006 - 10:34 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#3 Larry Naramore


Posted 15 January 2006 - 11:46 AM

Thanks!

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.bak2 Has been deleted!

Performing Repairs to the registry.
Done!
VundoFix V4.0

Listing files found while scanning....

#4 Larry Naramore


Posted 15 January 2006 - 11:49 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:44:54 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevehoffman.tv/forums/search.php?do=getnew
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eScrip Shopping - file://C:\Program Files\Escrip_Shopping\Sy5400\Tp5400\scri5400a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Schoolpop - {B46F2A6A-3216-461c-BEEA-FBE442469812} - file://C:\Program Files\SchoolpopShoppingBuddy\System\Temp\schoolpop_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {D0887919-FB2E-4530-85B2-B7E1D571CE28} - file://C:\Program Files\Schoolpop_ShoppingBuddy\Sy950\Tp950\scri950a.htm (file missing) (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093229048234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...672/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#5 didom


Posted 15 January 2006 - 01:07 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Schoolpop - {B46F2A6A-3216-461c-BEEA-FBE442469812} - file://C:\Program Files\SchoolpopShoppingBuddy\System\Temp\schoolpop_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {D0887919-FB2E-4530-85B2-B7E1D571CE28} - file://C:\Program Files\Schoolpop_ShoppingBuddy\Sy950\Tp950\scri950a.htm (file missing) (HKCU)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Find and delete these files and folders (if they are still there):
C:\Program Files\SchoolpopShoppingBuddy <= this folder


Reboot your computer normally.

Step #5

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the Panda ActiveScan log. Start HijackThis and perform a new scan.


Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#6 Larry Naramore


Posted 15 January 2006 - 07:16 PM

Incident Status Location

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Larry\Cookies\larry@stats1.reliablestats[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Larry\Cookies\larry@perf.overture[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\77b2zne5.default\cookies.txt[]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\SpyHunter\Backup\larry@trafficmp[2].txt.bak
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\SpyHunter\Backup\larry@valueclick[2].txt.bak
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\SpyHunter\Backup\larry@valueclick[1].txt.bak
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\SpyHunter\Backup\larry@targetnet[1].txt.bak
Spyware:Cookie/Advertising Not disinfected C:\Program Files\SpyHunter\Backup\larry@servedby.advertising[2].txt.bak
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\SpyHunter\Backup\larry@qksrv[1].txt.bak
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\SpyHunter\Backup\larry@mediaplex[1].txt.bak
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@realmedia[1].txt.bak
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@casalemedia[2].txt.bak
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@rightmedia[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\SpyHunter\Backup\larry@hitbox[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\SpyHunter\Backup\larry@hg1.hitbox[1].txt.bak
Spyware:Cookie/Gator Not disinfected C:\Program Files\SpyHunter\Backup\larry@gator[1].txt.bak
Spyware:Cookie/FastClick Not disinfected C:\Program Files\SpyHunter\Backup\larry@fastclick[1].txt.bak
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\SpyHunter\Backup\larry@doubleclick[1].txt.bak
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\SpyHunter\Backup\larry@data.coremetrics[2].txt.bak
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\SpyHunter\Backup\larry@centrport[2].txt.bak
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\SpyHunter\Backup\larry@bluestreak[1].txt.bak
Spyware:Cookie/Bfast Not disinfected C:\Program Files\SpyHunter\Backup\larry@bfast[1].txt.bak
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\SpyHunter\Backup\larry@atdmt[1].txt.bak
Spyware:Cookie/Advertising Not disinfected C:\Program Files\SpyHunter\Backup\larry@advertising[1].txt.bak
Spyware:Cookie/Adserver Not disinfected C:\Program Files\SpyHunter\Backup\larry@z1.adserver[1].txt.bak
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\SpyHunter\Backup\larry@trafficmp[1].txt.bak
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@rightmedia[2].txt.bak
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@realmedia[2].txt.bak
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\SpyHunter\Backup\larry@linksynergy[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\SpyHunter\Backup\larry@hitbox[2].txt.bak
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\SpyHunter\Backup\larry@centrport[1].txt.bak
Spyware:Cookie/Bfast Not disinfected C:\Program Files\SpyHunter\Backup\larry@bfast[2].txt.bak
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\SpyHunter\Backup\larry@atdmt[2].txt.bak
Spyware:Cookie/Adtech Not disinfected C:\Program Files\SpyHunter\Backup\larry@adtech[2].txt.bak
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\SpyHunter\Backup\larry@sextracker[1].txt.bak
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\SpyHunter\Backup\larry@counter9.sextracker[1].txt.bak
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\SpyHunter\Backup\larry@qksrv[2].txt.bak
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\SpyHunter\Backup\larry@mediaplex[2].txt.bak
Spyware:Cookie/FastClick Not disinfected C:\Program Files\SpyHunter\Backup\larry@fastclick[2].txt.bak
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\SpyHunter\Backup\larry@data.coremetrics[1].txt.bak
Spyware:Cookie/Advertising Not disinfected C:\Program Files\SpyHunter\Backup\larry@servedby.advertising[1].txt.bak
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\SpyHunter\Backup\larry@linksynergy[3].txt.bak
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\SpyHunter\Backup\larry@linksynergy[2].txt.bak
Spyware:Cookie/Adserver Not disinfected C:\Program Files\SpyHunter\Backup\larry@z1.adserver[3].txt.bak
Spyware:Cookie/Advertising Not disinfected C:\Program Files\SpyHunter\Backup\larry@advertising[2].txt.bak
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@casalemedia[1].txt.bak
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Program Files\SpyHunter\Backup\larry@247realmedia[2].txt.bak
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\SpyHunter\Backup\larry@phg.hitbox[2].txt.bak
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\SpyHunter\Backup\larry@doubleclick[2].txt.bak
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\SpyHunter\Backup\larry@ehg-idg.hitbox[2].txt.bak
Spyware:Cookie/2o7.net Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S005-01-8-22-272338-98547]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[35327284]
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[66693905]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S113245]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S130376]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S130343]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S130376]
Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[S139232]
Spyware:Cookie/Tribalfusion Not disinfected D:\Documents and Settings\LTRM\Application Data\Mozilla\Profiles\ltrm\lt398t5z.slt\cookies.txt[]
Spyware:Cookie/Traffic Marketplace Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@trafficmp[1].txt.bak
Spyware:Cookie/WUpd Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@revenue[1].txt.bak
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@mediaplex[1].txt.bak
Spyware:Cookie/RealMedia Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@realmedia[1].txt.bak
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@valueclick[1].txt.bak
Spyware:Cookie/Advertising Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@servedby.advertising[2].txt.bak
Spyware:Cookie/QkSrv Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@qksrv[2].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@ehg.hitbox[2].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@hitbox[1].txt.bak
Spyware:Cookie/Gator Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@gator[1].txt.bak
Spyware:Cookie/FastClick Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@fastclick[2].txt.bak
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@doubleclick[1].txt.bak
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@data.coremetrics[1].txt.bak
Spyware:Cookie/CentrPort Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@centrport[1].txt.bak
Spyware:Cookie/Bluestreak Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@bluestreak[1].txt.bak
Spyware:Cookie/Bfast Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@bfast[2].txt.bak
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@atdmt[2].txt.bak
Spyware:Cookie/Advertising Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@advertising[1].txt.bak
Spyware:Cookie/Adserver Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@z1.adserver[1].txt.bak
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@mediaplex[2].txt.bak
Spyware:Cookie/Bfast Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@bfast[1].txt.bak
Spyware:Cookie/Adserver Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@z1.adserver[2].txt.bak
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@valueclick[2].txt.bak
Spyware:Cookie/SpyLog Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@spylog[1].txt.bak
Spyware:Cookie/QkSrv Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@qksrv[1].txt.bak
Spyware:Cookie/Hitslink Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@counter.hitslink[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@hg1.hitbox[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@phg.hitbox[2].txt.bak
Spyware:Cookie/Gator Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@webpdp.gator[1].txt.bak
Spyware:Cookie/FastClick Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@fastclick[1].txt.bak
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@data.coremetrics[2].txt.bak
Spyware:Cookie/Bluestreak Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@bluestreak[2].txt.bak
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@atdmt[1].txt.bak
Spyware:Cookie/Advertising Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@advertising[2].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@ehg-idg.hitbox[1].txt.bak
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\SpyHunter\Backup\ltrm@hitbox[2].txt.bak

#7 Larry Naramore


Posted 15 January 2006 - 07:17 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:07:51 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevehoffman.tv/forums/search.php?do=getnew
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eScrip Shopping - file://C:\Program Files\Escrip_Shopping\Sy5400\Tp5400\scri5400a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093229048234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...672/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#8 didom

Posted 16 January 2006 - 08:14 AM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Find and delete these files (if they are still there):
D:\Program Files\SpyHunter\Backup <= delete everything inside it!

Reboot your computer.

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new log back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.


Also tell me if you still have any problems and how your computer is running!

#9 Larry Naramore

Posted 16 January 2006 - 08:43 AM

Well I haven't had a Winfixer or any other browser hijacking lately (I hope that is the correct term to use)... keeping fingers crossed :thumbsup:

So what do you guys think of ZoneAlarm. Did I mess up by installing it? My neighbor is supposed to put me on a router next week (whatever that is :flowers:..)

Here's the latest. Computer seems to be working fine.

Logfile of HijackThis v1.99.1
Scan saved at 5:30:00 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevehoffman.tv/forums/search.php?do=getnew
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\Documents and Settings\All Users\Start Menu\Programs\Turtle Beach Santa Cruz\Tbctray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093229048234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...672/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Edited by Larry Naramore, 16 January 2006 - 08:44 AM.


#10 didom

Posted 16 January 2006 - 08:51 AM

Well I haven't had a Winfixer or any other browser hijacking lately (I hope that is the correct term to use)... keeping fingers crossed :thumbsup:

Yeah, that is what I meant ;)

So what do you guys think of ZoneAlarm. Did I mess up by installing it? My neighbor is supposed to put me on a router next week (whatever that is :flowers:..)

Router: http://en.wikipedia.org/wiki/Router

ZoneAlarm is great! Here are some more prevention tips:

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

    Please post back if you are still having any problems....
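The before/after comparison that a helper does by eye on two HijackThis scans can be scripted. The following is an added example, not part of the original thread and not a HijackThis feature: it parses entry lines by section code, lists what disappeared or appeared between two scans, and collects entries HijackThis itself annotated as `(file missing)` or `(no file)`. The function names are hypothetical, and the sample text is a short excerpt of the two logs posted above.

```python
import re
from collections import defaultdict

# A HijackThis entry line is a section code (R0, O4, O23, ...), " - ", then the entry.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return {section code: set of entries}; header and process lines are skipped."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].add(m.group(2))
    return sections

def diff_logs(before, after):
    """Return (removed, added): sorted (section, entry) pairs that differ."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted((s, e) for s in old for e in old[s] - new.get(s, set()))
    added = sorted((s, e) for s in new for e in new[s] - old.get(s, set()))
    return removed, added

def dangling(log_text):
    """Entries that HijackThis itself annotated as pointing at a missing file."""
    return sorted((s, e) for s, es in parse_entries(log_text).items()
                  for e in es if e.endswith(("(file missing)", "(no file)")))

# Excerpts copied from the two scans posted in this thread (not the full logs).
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
# The earlier scan had one extra O8 entry that the later scan no longer shows.
BEFORE = AFTER + r"""O8 - Extra context menu item: eScrip Shopping - file://C:\Program Files\Escrip_Shopping\Sy5400\Tp5400\scri5400a.htm
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, entry in removed:
        print("removed:", section, entry)
    for section, entry in added:
        print("added:  ", section, entry)
    for section, entry in dangling(AFTER):
        print("dangling:", section, entry)
```

An empty "added" list after a cleanup step confirms that nothing new registered itself between scans; the dangling list is only a reminder of leftover registry references, not a verdict on them.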


#11 Larry Naramore

Posted 16 January 2006 - 09:12 AM

Hi Dick,

Thanks for your time!

I Paypaled your account and Bleeping Computer a little.

If I was Bill Gates it would have been a lot more!

Thanks again,
Larry

#12 didom

Posted 16 January 2006 - 09:27 AM

You're welcome :thumbsup:

Thanks for the donation! Much Thanks!

Regards,

Dick



