
Win Fixer Keeps Coming Up & Backweb Security Notice


  • This topic is locked
9 replies to this topic

#1 rubby8892

rubby8892

  • Members
  • 59 posts

Posted 28 January 2006 - 04:28 PM

We have our computer set up so that I can be logged on or my son can be logged on and I don't know if that makes a difference or if you get both sides when I do this log.

Any help that you can give me would be appreciated.



Logfile of HijackThis v1.99.1
Scan saved at 4:24:45 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1138312479\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138312479\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

#2 Cloutz

Cloutz

    The Malware Killa


  • Members
  • 150 posts
  • Location:Montreal, Quebec

Posted 28 January 2006 - 09:21 PM

Hello rubby8892,

Welcome to BleepingComputer!

My name is Nick and I will be checking over your log.

Let's get started. :thumbsup:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
Now close all windows other than HiJackThis, then click Fix Checked.

Next, delete the following file (if present) using Windows Explorer:
C:\Program Files\UltimateBet\UltimateBet.exe

Next, delete the following folder (if present) using Windows Explorer:
C:\Program Files\UltimateBet

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a fresh HijackThis log.
Let me know how everything goes

Thanks,
Nick :flowers:
Did I help? Please consider a small donation via paypal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz 2006

#3 rubby8892

rubby8892
  • Topic Starter

  • Members
  • 59 posts

Posted 04 February 2006 - 10:19 AM

VundoFix V4.2.16
Scan started at 10:12:12 AM 2/4/2006

Listing files found while scanning....

C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.ini2
C:\WINDOWS\system32\yybeg.tmp

C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.tmp
C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.ini2
C:\WINDOWS\system32\gebyy.dll
Attempting to delete C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gebyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.ini2
C:\WINDOWS\system32\yybeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.tmp
C:\WINDOWS\system32\yybeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 10:17:24 AM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...izIW3Nef6443XTu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
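
Added example, not code from this thread or from the HijackThis or VundoFix authors: a small Python script that parses HijackThis-format entry lines and flags the pattern Nick's VundoFix instructions target above, the same DLL registered both as an O2 browser helper object and as an O20 Winlogon Notify handler (gebyy.dll in rubby8892's first log), then lists the reversed-stem companion names (yybeg.ini and so on) that the VundoFix output in this post shows sitting beside it. The sample lines are constructed from entries posted in this thread and are not the full log; the function names, the path regex and the companion-suffix list are my own assumptions, taken from what VundoFix reported here rather than from any published specification.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 line format. The gebyy.dll pair and the
# benign entries are copied from the first log in this thread; this is not the full log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# First drive-letter path to a binary named in the entry body (assumed extensions list).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx)\b', re.IGNORECASE)

# Sibling names VundoFix listed next to gebyy.dll in this thread: stem reversed + suffix.
COMPANION_SUFFIXES = (".ini", ".ini2", ".bak1", ".bak2", ".tmp")


def parse_hjt(text):
    """Return (section, body) pairs for each entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def referenced_path(body):
    """Path to the binary an entry loads, or None for entries like '(no file)' / '(file missing)'."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def load_points(entries):
    """Map each referenced file (lower-cased path) to the set of sections that load it."""
    points = defaultdict(set)
    for section, body in entries:
        path = referenced_path(body)
        if path:
            points[path.lower()].add(section)
    return dict(points)


def suspicious_dlls(entries):
    """Files registered both as a BHO (O2) and as a Winlogon Notify handler (O20)."""
    return sorted(p for p, secs in load_points(entries).items() if {"O2", "O20"} <= secs)


def companion_files(dll_path):
    """Reversed-stem sibling names in the DLL's directory (gebyy.dll -> yybeg.ini, yybeg.bak1, ...)."""
    directory, _, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return [f"{directory}\\{stem[::-1]}{suffix}" for suffix in COMPANION_SUFFIXES]


def report(text):
    """Findings for one log as a list of lines, so a caller can print or check them."""
    entries = parse_hjt(text)
    lines = [f"parsed {len(entries)} HijackThis entries"]
    hits = suspicious_dlls(entries)
    if not hits:
        lines.append("no file is registered as both an O2 BHO and an O20 Winlogon Notify handler")
    for dll in hits:
        lines.append(f"FLAG {dll}: loaded as BHO and as Winlogon Notify handler")
        for sibling in companion_files(dll):
            lines.append(f"  check for companion file {sibling}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The O2/O20 pairing is only a pattern match on what HijackThis printed, not a verdict: a legitimate vendor could in principle register a DLL in both places, and the reversed-stem siblings are what VundoFix found on this particular machine, so treat both as prompts to look at the files rather than as proof. Paths are compared case-insensitively because HijackThis itself prints the same directory as both system32 and SYSTEM32 in this log.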

#4 rubby8892

rubby8892
  • Topic Starter

  • Members
  • 59 posts

Posted 04 February 2006 - 11:27 AM

Incident Status Location

Adware:adware/spysheriff Not disinfected C:\winstall.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartloadb1.dat
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Adware:adware/sbsoft Not disinfected C:\WINDOWS\rdt.ini
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyGlobalSearch
Adware:adware/cws.yexe Not disinfected C:\WINDOWS\inet20001
Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[3].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as1.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@perf.overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@realmedia[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winfixer[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[3].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as1.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@perf.overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@realmedia[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winfixer[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[1].txt
Virus:W32/Locksky.B.worm Disinfected C:\Documents and Settings\HP_Owner\temp.bak
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Application Data\Mozilla\Firefox\Profiles\9rnbm4j1.default\cookies.txt[]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@2o7[2].txt
Spyware:Cookie/adstat Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@ad.stat.4u[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@as1.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@ath.belnk[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@burstnet[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@c5.zedo[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@casalemedia[1].txt
Spyware:Cookie/CollegebleepTour Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@collegebleeptour[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@fastclick[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@fortunecity[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@i.screensavers[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@maxserving[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@stats1.reliablestats[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@teensforcash[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@tribalfusion[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Cookies\sean@zedo[2].txt
Adware:Adware/QoolShown Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Local Settings\Temp\f9661546.exe
Virus:Trj/Bedily.A Disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Local Settings\Temp\f9671796.exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\AlohaSolitaireSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BallistikSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\GrumpSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MahJong_JADESetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MysteryCaseFilesSetup-dm[2].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\PizzaFrenzySetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\TriJinx-dm[1].exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/Adsmart Not disinfected C:\lo-64147405.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\422921A4-8994-4BC6-86BB-CD7630
Adware:Adware/ClockSync Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\6CF5A0BC-FE82-4FFB-B161-ABB733
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\78D0A0B2-C0BF-4CEE-B30B-B1524F
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\840CF558-D96F-4A76-B3CB-6B44BA
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\0FC57EA6-D6E2-48B8-B123-842713
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\6110E552-C4F2-42B0-8F06-151DAA
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\976A654F-C910-43A2-8F77-380861
Spyware:Spyware/New.net Not disinfected C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc101.txt
Spyware:Cookie/Btgrab Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc102.txt
Spyware:Cookie/Cassava Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc108.txt
Spyware:Cookie/Cgi-bin Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc110.txt
Spyware:Cookie/Twain-Tech Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc115.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc136.txt
Spyware:Cookie/Screensavers Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc173.txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc214.txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc220.txt
Spyware:Cookie/Qsrch Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc235.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc239.txt
Spyware:Cookie/Rn11 Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc244.txt
Spyware:Cookie/Reliablestats Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc265.txt
Spyware:Cookie/Reliablestats Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc266.txt
Spyware:Cookie/Target Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc272.txt
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc276.txt

Edited by rubby8892, 04 February 2006 - 11:31 AM.


#5 Cloutz, The Malware Killa, Members, 150 posts, Location: Montreal, Quebec

Posted 04 February 2006 - 04:55 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\winstall.exe
    C:\WINDOWS\drsmartloadb1.dat
    C:\WINDOWS\kwv2.dat
    C:\WINDOWS\NDNuninstall6_98.exe
    C:\WINDOWS\rdt.ini
    C:\PROGRAM FILES\MyGlobalSearch
    C:\WINDOWS\inet20001
    C:\Program Files\UltimateBet\UltimateBet.exe
    C:\Program Files\UltimateBet\

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please run HijackThis and place a check next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...izIW3Nef6443XTu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
Please close all open browsers other than HijackThis and click "Fix Checked".

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please include a fresh HijackThis log in your next reply.

Thanks,
Nick :thumbsup:
Did I help? Please consider a small donation via paypal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz 2006
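
What Killbox's "Delete on Reboot" actually does is queue the listed paths in the PendingFileRenameOperations registry value, which is also why it prompts when that value already exists: something else has already queued work for the next boot, and the helper wants to hear about it. The script below is an added example written for this thread (not Killbox's code and not from the poster): it decodes that value into readable operations and, on Windows, can queue a delete-on-reboot the same way Killbox does, through MoveFileEx. The sample value is constructed from four of the paths listed above plus one hypothetical rename pair so both forms are exercised; the registry-reading and queueing functions need Windows (queueing also needs administrator rights) and are not touched by the sample run.

```python
r"""Decode PendingFileRenameOperations, the registry value behind Killbox's
"Delete on Reboot".  Added example for this thread, not Killbox's own code.

Windows keeps deferred file operations in the REG_MULTI_SZ value
  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
as (source, destination) string pairs.  Source paths carry the NT prefix \??\.
An empty destination means "delete source at boot"; a destination starting
with "!" means the move may replace an existing file.  MoveFileEx with
MOVEFILE_DELAY_UNTIL_REBOOT writes these pairs; Session Manager executes them
early at the next boot, before the files can be locked again.
"""
from __future__ import annotations

from dataclasses import dataclass

NT_PREFIX = "\\??\\"
REG_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"


@dataclass(frozen=True)
class PendingOp:
    action: str             # "delete" or "rename"
    source: str             # Win32 path, \??\ prefix removed
    target: str             # "" for a delete
    replace_existing: bool  # destination was "!"-prefixed


def _win32_path(nt_path: str) -> str:
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def decode_pending_ops(strings: list[str]) -> list[PendingOp]:
    """Turn the raw multi-string list into PendingOp records.

    A single trailing "" is the multi-sz terminator and is ignored; any other
    unpaired entry means the value is malformed, which matters because the
    queued operations will then be misread at boot.
    """
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings = strings[:-1]
    if len(strings) % 2:
        raise ValueError(f"{VALUE_NAME} has an unpaired entry")
    ops: list[PendingOp] = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(PendingOp("delete", _win32_path(src), "", False))
        else:
            replace = dst.startswith("!")
            ops.append(PendingOp("rename", _win32_path(src),
                                 _win32_path(dst[1:] if replace else dst), replace))
    return ops


def read_pending_ops() -> list[str]:
    """Read the live value (Windows only; reading needs no admin rights)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_PATH) as key:
        try:
            value, kind = winreg.QueryValueEx(key, VALUE_NAME)
        except FileNotFoundError:
            return []          # nothing queued for the next boot
    if kind != winreg.REG_MULTI_SZ:
        raise ValueError(f"{VALUE_NAME} has unexpected type {kind}")
    return list(value)


def queue_delete_at_reboot(path: str) -> None:
    """Queue one delete-on-reboot, which is what Killbox does per path.

    Windows only; MOVEFILE_DELAY_UNTIL_REBOOT requires an administrator.
    """
    import ctypes
    MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    if not ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError()


# Constructed sample: the value after queueing four of the paths from the post
# above, plus one rename pair with hypothetical file names.
SAMPLE_VALUE = [
    "\\??\\C:\\winstall.exe", "",
    "\\??\\C:\\WINDOWS\\drsmartloadb1.dat", "",
    "\\??\\C:\\WINDOWS\\kwv2.dat", "",
    "\\??\\C:\\WINDOWS\\rdt.ini", "",
    "\\??\\C:\\WINDOWS\\Temp\\update.tmp", "!\\??\\C:\\WINDOWS\\system32\\updated.dll",
    "",
]


def describe(ops: list[PendingOp]) -> list[str]:
    """One readable line per queued operation, for checking before the reboot."""
    out = []
    for op in ops:
        if op.action == "delete":
            out.append(f"DELETE  {op.source}")
        else:
            how = "replace" if op.replace_existing else "move"
            out.append(f"RENAME  {op.source} -> {op.target} ({how})")
    return out


if __name__ == "__main__":
    for line in describe(decode_pending_ops(SAMPLE_VALUE)):
        print(line)
```

Run the decoder before answering Killbox's PendingFileRenameOperations prompt: an operation you did not queue yourself is worth writing down before the reboot carries it out and removes the evidence.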

#6 rubby8892, Topic Starter, Members, 59 posts

Posted 04 February 2006 - 07:06 PM

Here is the newest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 7:04:26 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...izIW3Nef6443XTu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
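
The helper's triage of a HijackThis log comes down to a few mechanical checks, and the one entry that survived the first round (the as.starware.com SearchAssistant, listed for fixing in post #5 and still present in the fresh log above) is exactly what a script catches on the second pass. The parser below is an added example written for this thread, not HijackThis code and not the helper's own method: it reads the classified entry lines, flags URL-bearing entries whose host is outside an allowlist, entries whose backing file is gone, and Run values with no drive-qualified path. The allowlist is an assumption built from the hosts this particular log shows, and the sample log is a constructed nine-line subset of the logs posted in the thread.

```python
r"""Triage a HijackThis 1.99.1 log the way the helper in this thread did.
Added example written for this thread; not HijackThis code and not the helper's.

Three checks that account for everything the helper had the poster fix:
  1. search / start-page URLs (R0/R1) and ActiveX downloads (O16) whose host
     is not on a per-machine allowlist (the starware.com SearchAssistant),
  2. entries whose backing file is gone ("(no file)", "(file missing)"),
  3. O4 Run values with no drive-qualified path, which resolve through PATH.
The allowlist is an assumption built from the hosts this particular log shows.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: hosts expected on this HP / SBC-Yahoo machine.  Anything else in
# a URL-bearing entry gets flagged for a human to look at.
TRUSTED_DOMAINS = {
    "hp.com", "sbc.com", "yahoo.com", "msn.com",
    "bitdefender.com", "pandasoftware.com",
}

LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")
DANGLING = ("(no file)", "(file missing)")


@dataclass
class Entry:
    kind: str                 # R0, R1, O2, O4, O9, O16, O18, ...
    body: str                 # everything after "Xn - "
    flags: list[str] = field(default_factory=list)


def registrable_domain(host: str) -> str:
    """Last two labels of the host (good enough for the .com hosts in this log)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_log(text: str) -> list[Entry]:
    """Keep only the classified entry lines; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def check(entry: Entry) -> Entry:
    """Apply the three checks and record the reasons on the entry."""
    body = entry.body
    if any(marker in body for marker in DANGLING):
        entry.flags.append("dangling reference")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registrable_domain(host) not in TRUSTED_DOMAINS:
            entry.flags.append(f"untrusted host {host}")
    if entry.kind == "O4" and not DRIVE_PATH_RE.search(body):
        entry.flags.append("unqualified path")
    return entry


def triage(text: str) -> list[Entry]:
    """Parse a log and return only the entries that carry at least one flag."""
    return [e for e in map(check, parse_log(text)) if e.flags]


# Constructed sample: nine lines lifted from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...izIW3Nef6443XTu
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4} {', '.join(e.flags):<34} {e.body}")
```

Run it over every fresh log rather than comparing by eye: an entry that is still there after a "Fix Checked" is either being re-created by something that is still running or was never actually removed, and either way it needs a closer look before the log is called clean.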

#7 Cloutz, The Malware Killa, Members, 150 posts, Location: Montreal, Quebec

Posted 04 February 2006 - 08:15 PM

Hi,

Please open HijackThis and place a check for this entry:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...izIW3Nef6443XTu
Close all open browsers other than HijackThis and click "Fix Checked"


How's your pc doing?

If everything is fine, I will go ahead and post my prevention speech :thumbsup:

Thanks,
Nick :flowers:

#8 rubby8892, Topic Starter, Members, 59 posts

Posted 05 February 2006 - 10:03 AM

I think everything looks ok. We have not seen the Win Fixer pop up. There is another one, some authenticity one, but that is it. Still a little slow sometimes, but I think you could go ahead and give your prevention speech.

Thanks

Rose

#9 Cloutz, The Malware Killa, Members, 150 posts, Location: Montreal, Quebec

Posted 05 February 2006 - 06:04 PM

Everything looks great, your HijackThis log appears to be CLEAN!!!

Here is a list of tools I like to suggest to users to prevent future infections.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Firefox - Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#10 Cloutz, The Malware Killa, Members, 150 posts, Location: Montreal, Quebec

Posted 21 February 2006 - 10:03 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbsup:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.



