Ie Spyware Problem - Logs Included


  • This topic is locked
10 replies to this topic

#1 fr0st2k

  • Members
  • 9 posts
  • Local time: 05:48 AM

Posted 29 November 2006 - 08:37 AM

Hi guys, I've had IE spyware problems for about a year now, and just found this site and thought you guys could help.

Every time I use IE and attempt to go to a page (well, the majority of the time) it will bring me to a search page instead, and I've been getting TONS of popups.

Here are my logs

-> I don't know what this means ... or if the BFU log is even correct, but someone had said to post it.

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 12:45:00 AM, on 11/29/2006


Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|truetype (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|0mcamcap (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|mysvcig38 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|drpXPd (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTØYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\ricky\LOCALS~1\Temp\~DF4BB3.tmp (operation failed)
Failed: FolderDelete C:\Documents and Settings\ricky\Local Settings\Temporary Internet Files\Content.IE5\YZHXJGB3 (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Program Files\folder.js (folder not found)
Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.

Logfile of HijackThis v1.99.1
Scan saved at 12:18:36 AM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\ricky\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CPub Object - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B65161BB-FB5B-ACF6-0672-8E3AF25D72E7} - C:\WINDOWS\system32\voycmp.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Windows Management Instrument Driver Includes (WMIDriverInc) - Unknown owner - C:\WINDOWS\wmiprvse.exe (file missing)

PandaScan Log



Incident Status Location

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt
Adware:Adware/StartPage.AHW Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S00RYNFL\cfg32[1].exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\ricky\Application Data\Mozilla\Firefox\Profiles\uf04mzll.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@adserver.filefront[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@bravenet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@cassava[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@ehg-dig.hitbox[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@entrepreneur[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@fastclick[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@fortunecity[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@hitbox[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@i.screensavers[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@maxserving[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@microsofteup.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@stat.onestat[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@statse.webtrendslive[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@targetnet[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@valueclick[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@yadro[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ricky\Cookies\ricky@zedo[2].txt
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\ricky\Local Settings\Temporary Internet Files\Content.IE5\YZHXJGB3\popup[1].htm
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\s?curity\n?pdb.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.130
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.043
Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\mm.BOT\Config\System\Process.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.FList\mm.FList.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Possible Virus. Not disinfected C:\Program Files\SigmaTel\TerraIM__1.2.exe
Adware:adware/dollarrevenue Not disinfected C:\VSL02.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cfg32o.dll
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cfg32r.dll

#2 fr0st2k
  • Topic Starter

  • Members
  • 9 posts
  • Local time: 05:48 AM

Posted 29 November 2006 - 03:08 PM

bump please

#3 Daemon

    Security Expert

  • Members
  • 1,446 posts
  • Gender: Male
  • Location: UK
  • Local time: 10:48 AM

Posted 29 November 2006 - 03:42 PM

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#4 fr0st2k
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2006 - 12:35 PM

Thanks :thumbsup:

Here's the log

SUPERAntiSpyware Scan Log
Generated 11/30/2006 at 12:19 PM

Application Version : 3.3.1020

Core Rules Database Version : 3139
Trace Rules Database Version: 1156

Scan type : Complete Scan
Total Scan Time : 00:42:31


Memory items scanned : 515
Memory threats detected : 0
Registry items scanned : 6473
Registry threats detected : 139
File items scanned : 26538
File threats detected : 165

Adware.SearchClickAds
HKLM\Software\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\InprocServer32
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\InprocServer32#ThreadingModel
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ProgID
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\TypeLib
HKCR\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\VersionIndependentProgID
C:\WINDOWS\CFG32S.DLL
HKLM\Software\Classes\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}#AppID
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\InprocServer32
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\ProgID
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\Programmable
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\TypeLib
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\VersionIndependentProgID
C:\WINDOWS\CFG32R.DLL
HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}#AppID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32#ThreadingModel
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\ProgID
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\Programmable
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\TypeLib
HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\VersionIndependentProgID
C:\WINDOWS\CFG32O.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{669695BC-A811-4A9D-8CDF-BA8C795F261C}
HKCR\KBBar.KBBarBand.1
HKCR\KBBar.KBBarBand.1\CLSID
HKCR\KBBar.KBBarBand
HKCR\KBBar.KBBarBand\CLSID
HKCR\KBBar.KBBarBand\CurVer
HKCR\TypeLib\{37686C62-D497-42E3-BAAB-78D89A74E151}
HKCR\CFG32S.Search
HKCR\CFG32S.Search\CLSID
HKCR\CFG32S.Search\CurVer
HKCR\CFG32S.Search.1
HKCR\CFG32S.Search.1\CLSID
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\0
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\0\win32
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\FLAGS
HKCR\TypeLib\{27A1CA0D-78CE-4E23-8A89-2C95C15954B3}\1.0\HELPDIR
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0\win32
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\FLAGS
HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\HELPDIR
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\ProxyStubClsid32
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib
HKCR\Interface\{41E74C20-8BBD-4B15-8C24-95BAC7B3BAC1}\TypeLib#Version
HKCR\AppId\CFG32S.DLL
HKCR\AppId\CFG32S.DLL#AppID
HKCR\AppId\{27A1CA0D-78CE-4e23-8A89-2C95C15954B3}
HKLM\SOFTWARE\zAbstract
HKLM\SOFTWARE\zAbstract#r
HKLM\SOFTWARE\zAbstract#App1
HKLM\SOFTWARE\zAbstract#App3
HKLM\SOFTWARE\zAbstract#App4
HKLM\SOFTWARE\zAbstract#App5
HKLM\SOFTWARE\zAbstract#Parent
HKLM\SOFTWARE\zAbstract#App2
HKLM\SOFTWARE\zAbstract#Unique
HKLM\SOFTWARE\zAbstract#Stamp-Spawn
HKLM\SOFTWARE\zAbstract#Stamp-Update
HKLM\SOFTWARE\zAbstract#Count-Update
HKLM\SOFTWARE\zAbstract#Delay-Update
HKLM\SOFTWARE\zAbstract#Delay-EECH
HKLM\SOFTWARE\zAbstract#Delay-SPZ5
HKLM\SOFTWARE\zAbstract#Delay-ASI5AFF
HKLM\SOFTWARE\zAbstract#Campaigns
HKLM\SOFTWARE\zAbstract#Receipt-EECH
HKLM\SOFTWARE\zAbstract#Data-EECH
HKLM\SOFTWARE\zAbstract#Receipt-SPZ5
HKLM\SOFTWARE\zAbstract#Data-SPZ5
HKLM\SOFTWARE\zAbstract#Receipt-ASI5AFF
HKLM\SOFTWARE\zAbstract#Data-ASI5AFF
HKLM\SOFTWARE\zAbstract#Last
HKLM\SOFTWARE\zAbstract#Page
HKLM\SOFTWARE\zAbstract#Stamp-EECH
HKLM\SOFTWARE\zAbstract#Count-EECH
HKLM\SOFTWARE\zAbstract#Override
HKLM\SOFTWARE\zAbstract#Stamp-SPZ5
HKLM\SOFTWARE\zAbstract#Count-SPZ5
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\159BDXJR\STUB_VENTHH[1].EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\S00RYNFL\CFG32[1].EXE
C:\STUB_VENTHH.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E088CBE9-C47E-41AE-83F3-D32DE39D57AF}\RP294\A0204111.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E088CBE9-C47E-41AE-83F3-D32DE39D57AF}\RP294\A0204112.EXE

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}\InprocServer32
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}\InprocServer32#ThreadingModel
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}\Programmable
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}\TypeLib
C:\WINDOWS\SYSTEM32\VOYCMP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKCR\TypeLib\{74753769-C14A-A8A3-2599-A102A7718C6E}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}

Adware.Tracking Cookie
C:\Documents and Settings\ricky\Cookies\ricky@1.adbrite[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cassava[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@partner2profit[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@buycom.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@zedo[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ad1.clickhype[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@doubleclick[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.heias[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@z1.adserver[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@edge.ru4[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cartoonnetwork.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.googleadservices[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@as-eu.falkag[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@atwola[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@questionmarket[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@tribalfusion[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@server.cpmstar[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@xiti[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@rotator.adjuggler[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adrevolver[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ad.yieldmanager[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@stat.onestat[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@keywordmax[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@80503492[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@2o7[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@mediaplex[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@partypoker[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@yieldmanager[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@fastclick[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@belnk[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@hit.stat[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.monster[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@indextools[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@azjmp[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@bluestreak[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.googleadservices[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@fortunecity[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@adecn[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@4.adbrite[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.burstbeacon[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@as-us.falkag[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.barnonedrinks[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@entrepreneur[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@icc.intellisrv[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.stopzilla[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@dcs1upibr4twkf8fu5w20iuhf_1g7w[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@screensavers[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@2.adbrite[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@888[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adknowledge[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@tacoda[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@2.go.globaladsales[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@clicksor[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cnn.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adultswim[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@reduxads.valuead[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@casalemedia[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@nextag[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@partygaming.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@webpower[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@statcounter[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@data2.perf.overture[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@trafficmp[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adv.webmd[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@maxserving[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.realtechnetwork[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@e-2dj6wfk4cgazmep.stats.esomniture[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@adopt.specificclick[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.addynamix[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@atdmt[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@statse.webtrendslive[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.cnn[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adverts.loadedinc[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@realmedia[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@dcsmod66q10000gotfc85rwk9_4i9r[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ehg-dig.hitbox[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@precisionclick[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@server.iad.liveperson[4].txt
C:\Documents and Settings\ricky\Cookies\ricky@ar.atwola[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@usenext[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@perf.overture[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@gamestats[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@toplist[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@nbcuniversal.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@yadro[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@anat.tacoda[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.as4x.tmcs[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@msnportal.112.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@revsci[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adopt.euroclick[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adserver.filefront[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@advertising[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@burstnet[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.burstnet[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@qnsr[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@network.realmedia[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.entrepreneur[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cgi-bin[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.toonamijetstream[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ehg-vonage.hitbox[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@targetnet[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@revenue[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.pointroll[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@regalinteractive[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@5198728[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ehg-gameshownet.hitbox[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@riptownmedia.122.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.lewt[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@microsofteup.112.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cs.sexcounter[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@adopt.hbmediapro[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@lynxtrack[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adbrite[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@adopt.hotbar[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@media.adrevolver[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@count4.exitexchange[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adserve.webtoolcafe[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@hitbox[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@247realmedia[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@citi.bridgetrack[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@valueclick[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.screensavers[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@server.iad.liveperson[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@serving-sys[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ehg-boltmedia.hitbox[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@try.starware[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@i.screensavers[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@h.starware[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@overture[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.loadedinc[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@webstat[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@www.w3counter[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@adsextend[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@exitexchange[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@article[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@tradedoubler[2].txt
C:\Documents and Settings\ricky\Cookies\ricky@server.iad.liveperson[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@ads.webwosting[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@cbs.112.2o7[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@kanoodle[1].txt
C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Adware.BookedSpace
C:\WINDOWS\zAbstract\ASI5AFF.bsx
C:\WINDOWS\zAbstract\bspace.html
C:\WINDOWS\zAbstract\EECH.bsx
C:\WINDOWS\zAbstract\SPZ5.bsx
C:\WINDOWS\zAbstract
HKCR\bookedspace.extension
HKCR\bookedspace.extension\CLSID
HKCR\bookedspace.extension\CurVer
HKCR\bookedspace.extension.5
HKCR\bookedspace.extension.5\CLSID
HKCR\AppId\BookedSpace.DLL
HKCR\AppId\BookedSpace.DLL#AppID
HKCR\AppId\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKCR\AppID\Scaggy.DLL
HKCR\AppID\Scaggy.DLL#AppID
HKCR\Scaggy.Insert
HKCR\Scaggy.Insert\CLSID
HKCR\Scaggy.Insert\CurVer
HKCR\Scaggy.Insert.1
HKCR\Scaggy.Insert.1\CLSID
HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0\win32
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\FLAGS
HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\HELPDIR
C:\WINDOWS\CFG32P.DLL

Adware.Avenue Media/Internet Optimizer
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-606747145-117609710-725345543-1004\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
HKLM\Software\Snowball Wars
C:\Program Files\Snowball Wars\License.txt
C:\Program Files\Snowball Wars

Adware.STIEBar
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ProxyStubClsid
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ProxyStubClsid32
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib
HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib#Version

Trojan.NewDotNet
C:\NNSCAA638.EXE

Adware.ClickSpring
C:\Program Files\Common Files\SCURIT~1\NPDB~1.EXE

Trojan.Override
C:\WINDOWS\CBAFRDUL.EXE

Trojan.CmdService
C:\WINDOWS\MTE3NDI6ODOXNG.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WAPITR.EXE
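
The SUPERAntiSpyware log above is long because tracking cookies dominate it, but the lines that decide the cleanup are a handful of registry keys. The script below is an added example, not part of this thread and not SUPERAntiSpyware's own code; it parses a log in this layout (a constructed excerpt of the log above is embedded in it) and pulls out the count per category, each Browser Helper Object CLSID together with the DLL listed under it, which accounts carry a URLSearchHook (HKU\S-1-5-18 is the Local System account, so the hook above was installed for SYSTEM, not only for ricky), any hijacked IE search URL, and detections whose copy sits inside a System Restore point, which a scanner reports but cannot remove. The mapping from CLSID to DLL assumes SAS prints the InprocServer32 file as the first file line after that CLSID's registry keys, which holds for the log above; the regular expressions and function names are the example's own.

```python
import re

# Constructed excerpt in SUPERAntiSpyware scan-log layout: a category header
# followed by the registry keys/values and files found under it. The entries
# are copied from the log above, trimmed to keep the example short.
SAMPLE_LOG = r"""
Adware.SearchClickAds
HKLM\Software\Classes\CLSID\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\InprocServer32
HKCR\CLSID\{7564B020-44E8-4C9B-A887-C6EC41AC67DA}\InprocServer32#ThreadingModel
C:\WINDOWS\CFG32R.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7564B020-44E8-4c9b-A887-C6EC41AC67DA}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E088CBE9-C47E-41AE-83F3-D32DE39D57AF}\RP294\A0204111.EXE

Unclassified.Unknown Origin
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKCR\CLSID\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}\InprocServer32
C:\WINDOWS\SYSTEM32\VOYCMP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{B65161BB-FB5B-ACF6-0672-8E3AF25D72E7}

Adware.Tracking Cookie
C:\Documents and Settings\ricky\Cookies\ricky@doubleclick[1].txt
C:\Documents and Settings\ricky\Cookies\ricky@atdmt[2].txt

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
"""

HIVE_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.I)
DRIVE_RE = re.compile(r"^[A-Z]:\\", re.I)
GUID = r"(\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\})"
CLSID_KEY_RE = re.compile(r"^HKCR\\CLSID\\" + GUID, re.I)
BHO_RE = re.compile(r"\\Browser Helper Objects\\" + GUID + r"$", re.I)
HOOK_RE = re.compile(r"^HKU\\([^\\]+)\\.*\\URLSearchHooks#_?" + GUID + r"$", re.I)
SEARCH_RE = re.compile(r"#(Default_Search_URL|Search Page|Start Page|Default_Page_URL) \[ (\S+) \]$", re.I)
RESTORE_RE = re.compile(r"\\SYSTEM VOLUME INFORMATION\\_RESTORE", re.I)


def parse_sections(text):
    """Split the log into {category: [entry, ...]}.

    A line starting with a registry hive or a drive letter is an entry; any
    other non-blank line is taken to be a category header.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HIVE_RE.match(line) or DRIVE_RE.match(line):
            if current is None:
                raise ValueError("entry appears before any category header: " + line)
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def triage(text):
    """Summarise what matters for cleanup: BHO CLSIDs and the DLLs behind them,
    URLSearchHooks per account, hijacked IE search settings, and detections
    that live inside System Restore snapshots."""
    sections = parse_sections(text)
    counts = {cat: len(entries) for cat, entries in sections.items()}
    clsid_to_file, bhos, hooks, hijacked, restore_files = {}, set(), {}, [], []
    for entries in sections.values():
        last_clsid = None
        for e in entries:
            m = CLSID_KEY_RE.match(e)
            if m:
                last_clsid = m.group(1).upper()
                continue
            if DRIVE_RE.match(e):
                if RESTORE_RE.search(e):
                    restore_files.append(e)
                elif last_clsid and last_clsid not in clsid_to_file:
                    # Assumption: SAS lists the CLSID's InprocServer32 DLL as the
                    # first file line after that CLSID's registry keys.
                    clsid_to_file[last_clsid] = e
                    last_clsid = None
                continue
            m = BHO_RE.search(e)
            if m:
                bhos.add(m.group(1).upper())
            m = HOOK_RE.match(e)
            if m:
                hooks.setdefault(m.group(2).upper(), set()).add(m.group(1))
            m = SEARCH_RE.search(e)
            if m:
                hijacked.append((m.group(1), m.group(2)))
    return {
        "counts": counts,
        "bho_dlls": {c: clsid_to_file.get(c, "(DLL not listed)") for c in sorted(bhos)},
        "search_hooks": {c: sorted(accounts) for c, accounts in hooks.items()},
        "hijacked_urls": hijacked,
        "restore_point_files": restore_files,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

Run it with python and it prints the report for the embedded excerpt. The restore-point entries are the reason helpers ask for a System Restore flush at the end of a cleanup: a rollback to RP294 would put A0204111.EXE back on the disk.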

#5 fr0st2k
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2006 - 12:36 PM

Here's the new HijackThis file also

Logfile of HijackThis v1.99.1
Scan saved at 12:32:37 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ricky\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Windows Management Instrument Driver Includes (WMIDriverInc) - Unknown owner - C:\WINDOWS\wmiprvse.exe (file missing)

#6 Daemon
  • Security Expert
  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK

Posted 30 November 2006 - 01:43 PM

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O23 - Service: Windows Management Instrument Driver Includes (WMIDriverInc) - Unknown owner - C:\WINDOWS\wmiprvse.exe (file missing)


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
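
The three entries picked out in the post above share patterns a log reviewer looks for: a BHO whose file is gone, an ActiveX download (O16) from a host that is not a known vendor, and a service with "Unknown owner" whose binary is missing and which borrows the name of a Windows process (wmiprvse.exe) outside the directory the real one lives in (system32\wbem on XP). The script below is an added example, not part of this thread and not HijackThis's own code; it applies those checks to lines in HijackThis 1.99.1 log format. The sample lines are copied from the logs above except the R0 line, which is constructed from the search URL the SUPERAntiSpyware log reported; the trusted-host list, the system-binary home table and the severity labels are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99.1 log format. All lines are copied
# from the logs in this thread except the R0 line, which is made up from the
# search URL the SUPERAntiSpyware log reported, to show a hijacked start page.
SAMPLE_HJT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows Management Instrument Driver Includes (WMIDriverInc) - Unknown owner - C:\WINDOWS\wmiprvse.exe (file missing)
"""

# Example allowlist of hosts whose ActiveX downloads and IE home/search URLs
# are accepted without review. An assumption of this example, not exhaustive.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "pandasoftware.com")
# Assumption: where these Windows binaries normally live on XP. A copy under
# any other directory is a red flag no matter what the service is called.
SYSTEM_BINARY_HOMES = {"wmiprvse.exe": r"c:\windows\system32\wbem"}
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}
LINE_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")


def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()


def host_trusted(url):
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_HOSTS)


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    hits = []
    if kind in ("R0", "R1", "R3") and "=" in body:
        url = body.split("=", 1)[1].strip()
        if url.startswith("http") and not host_trusted(url):
            hits.append(("high", "IE start/search setting points at " + host_of(url)))
    elif kind == "O2":
        if body.endswith("(no file)"):
            hits.append(("medium", "BHO registered but its DLL is gone (orphan, safe to fix)"))
        if body.startswith("BHO: (no name)"):
            hits.append(("medium", "BHO with no name"))
    elif kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if not host_trusted(url):
            hits.append(("medium", "ActiveX download from unlisted host " + host_of(url)))
    elif kind == "O23":
        parts = body.rsplit(" - ", 2)        # "Service: name (short)", owner, path
        if len(parts) == 3:
            owner, path = parts[1], parts[2]
            if owner == "Unknown owner" and path.endswith("(file missing)"):
                hits.append(("high", "service with no vendor and a missing binary"))
            exe = path.replace("(file missing)", "").strip().lower()
            name = exe.rsplit("\\", 1)[-1]
            home = SYSTEM_BINARY_HOMES.get(name)
            if home and not exe.startswith(home):
                hits.append(("high", f"{name} outside its normal directory {home}"))
    elif kind == "O10":
        hits.append(("info", "unknown Winsock LSP: identify the vendor first, a botched LSP removal breaks networking"))
    elif kind == "O18" and body.endswith("(file missing)"):
        hits.append(("low", "protocol handler whose DLL is missing (orphan)"))
    if not hits:
        return None
    worst = max(hits, key=lambda h: SEVERITY_RANK[h[0]])[0]
    return (worst, "; ".join(msg for _, msg in hits))


def triage(text):
    """Run triage_line over a whole log; returns [(severity, line, reason), ...]."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], line.strip(), hit[1]))
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_HJT):
        print(f"[{sev:6}] {line}\n         -> {why}")
```

The O10 entry is deliberately only informational: Bonjour's mdnsnsp.dll is a legitimate LSP, and HijackThis flags every LSP it does not recognise, so that class of line needs a vendor lookup rather than a reflexive fix.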

#7 fr0st2k
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2006 - 10:30 PM

Hey, thanks again. I did what you asked, and here's the log

Logfile of HijackThis v1.99.1
Scan saved at 10:26:25 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ricky\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Windows Management Instrument Driver Includes (WMIDriverInc) - Unknown owner - C:\WINDOWS\wmiprvse.exe (file missing)

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:48 AM

Posted 01 December 2006 - 03:10 AM

Go to Start->Run and type Services.msc then hit Ok. Scroll down and find the service called "Windows Management Instrument Driver Includes". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Reboot and let me know how it's running now.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
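The service Daemon singles out is the one O23 line in the log above whose binary is "Unknown owner", marked "(file missing)", and recorded in C:\WINDOWS rather than under System32\wbem, where the genuine wmiprvse.exe lives. The following Python is an added example, not code from the thread or from HijackThis: it parses O23 lines in the log's format, lists those indicators for each service, and emits the sc.exe commands that match the Stop and Startup Type = Disabled steps Daemon describes. It assumes SystemRoot is C:\WINDOWS (as in this log); the EXPECTED_DIR table and the reason strings are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis O23 format: "O23 - Service: <display> (<key name>) - <owner> - <path> [(file missing)]".
# The "(<key name>)" part is optional in real logs (compare the iPodService line in this thread).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Where this Windows component legitimately lives; assumes SystemRoot is C:\WINDOWS, as in the log.
EXPECTED_DIR = {"wmiprvse.exe": r"c:\windows\system32\wbem"}

@dataclass
class ServiceEntry:
    display: str
    name: Optional[str]      # key name that sc.exe / services.msc use; None if the log omitted it
    owner: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)

def parse_o23(line: str) -> Optional[ServiceEntry]:
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["display"], m["name"], m["owner"], m["path"], m["missing"] is not None)

def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach the indicators that make an O23 entry worth a closer look."""
    directory, _, binary = entry.path.lower().rpartition("\\")
    if entry.file_missing:
        entry.reasons.append("binary on disk is missing")
    if entry.owner == "Unknown owner":
        entry.reasons.append("no publisher recorded for the binary")
    if directory == r"c:\windows":
        entry.reasons.append("binary sits directly in the Windows root, not System32")
    expected = EXPECTED_DIR.get(binary)
    if expected and directory != expected:
        entry.reasons.append(f"{binary} mimics a Windows component that belongs under {expected}")
    return entry

def remediation_commands(entry: ServiceEntry) -> List[str]:
    """sc.exe equivalent of the Stop + Startup Type = Disabled steps from the thread."""
    if not entry.name:
        return []  # sc.exe needs the key name, which this log line did not record
    return [f'sc stop "{entry.name}"', f'sc config "{entry.name}" start= disabled']
```

Run `triage(parse_o23(line))` over each O23 line of a log; an entry with several reasons, like the WMIDriverInc one here, is the one to check before services with a single weak indicator such as a missing publisher string.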

#9 fr0st2k

fr0st2k
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:48 AM

Posted 01 December 2006 - 01:26 PM

It's working great so far. Thanks for the help.

I'd like to try it for a few days before the topic gets closed, though!

Otherwise, thanks again for taking the time to help!

#10 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:48 AM

Posted 01 December 2006 - 02:28 PM

You're welcome - glad to help :thumbsup:

I'll leave it open for a few days - get back to me if there are any issues.

#11 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:48 AM

Posted 04 December 2006 - 02:48 AM

As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
