
System Alert Blinking...


11 replies to this topic

#1 ms_pammy


Posted 14 January 2007 - 01:17 PM

Hi All! So glad I found this site! I have done everything I know to do and still have a Blinking Icon in system tray by this clock...it blinks and says 'system alert' then opens a balloon to some software page. Hope someone can please help me get rid of this nasty thing!!!

Thanks Pam


Logfile of HijackThis v1.99.1
Scan saved at 1:11:03 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareBeGone.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Begone] "C:\Program Files\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZGYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/pub/mcgraw-hill/sup...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



#2 MFDnSC


Posted 14 January 2007 - 01:57 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 ms_pammy


Posted 14 January 2007 - 02:44 PM

Wow! :thumbsup: Thanks so much all gone!! *hugs* Here are the logs...do you see anything else in there that should not be?

Thanks again
Pam

Logfile of HijackThis v1.99.1
Scan saved at 2:39:22 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareBeGone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Begone] "C:\Program Files\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZGYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/pub/mcgraw-hill/sup...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


SmitFraudFix v2.132

Scan done at 14:17:01.06, Sun 01/14/2007
Run from C:\Documents and Settings\Mine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\gwquvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\Mine\FAVORI~1\Online Security Test.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
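
The before/after comparison asked for in this post can be done mechanically. The following is an added example, not part of the thread and not code from HijackThis or SmitfraudFix: it diffs two HijackThis logs and checks each removed entry against the `-> Deleted` lines of the SmitfraudFix report. The function names are hypothetical, and the sample text is a short excerpt of the logs posted above.

```python
import re

# HijackThis entries start with a section code such as R1, O2 or O21.
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# SmitfraudFix report lines of the form "<path> -> Deleted".
DELETED_RE = re.compile(r"^(.+?) -> Deleted$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpts of the two HijackThis logs and the SmitfraudFix report in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

REPORT = r"""C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\gwquvw.dll -> Deleted
"""


def parse_entries(log_text):
    """Return the set of (section code, entry body) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries, ordered by section letter and number."""
    key = lambda e: (e[0][0], int(e[0][1:]), e[1])
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a, key=key), sorted(a - b, key=key)


def entry_target(body):
    """Extract the file an entry of the shape 'name - {CLSID} - file' points at.

    Returns (path or None, file_missing flag). Entries in other shapes
    (for example O4 Run lines) simply yield no path.
    """
    target = body.rsplit(" - ", 1)[-1].strip()
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].strip()
    path = target if DRIVE_RE.match(target) else None
    return path, missing


def deleted_files(report_text):
    """Lower-cased paths the cleaning report lists as deleted."""
    found = set()
    for line in report_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            found.add(m.group(1).lower())
    return found


def explain_removed(before, after, report):
    """Classify every entry that vanished between the two scans."""
    removed, _ = diff_logs(before, after)
    deleted = deleted_files(report)
    result = []
    for code, body in removed:
        path, missing = entry_target(body)
        if path and path.lower() in deleted:
            status = "file deleted by tool"
        elif missing:
            status = "file already missing"
        else:
            status = "registry entry only"
        result.append((code, status))
    return result


if __name__ == "__main__":
    for code, status in explain_removed(BEFORE, AFTER, REPORT):
        print(f"{code:4} {status}")
```

Entries classified as "registry entry only" or "file already missing" were cleaned from the registry without a matching file deletion in the report, so they are the ones to confirm by hand in the next scan.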

#4 MFDnSC


Posted 14 January 2007 - 02:57 PM

Let's do one more thing

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      ◦ Close browsers before scanning
      ◦ Scan for tracking cookies
      ◦ Terminate memory threats before quarantining.
      ◦ Please leave the others unchecked.
      ◦ Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
      ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
      ◦ Click Preferences. Click the Statistics/Logs tab.
      ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      ◦ It will open in your default text editor (such as Notepad/Wordpad).
      ◦ Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 ms_pammy


Posted 14 January 2007 - 06:20 PM

Ok...Here ya go. Please let me know if I have more junk to get rid of

Thanks again
Pam

SUPERAntiSpyware Scan Log
Generated 01/14/2007 at 06:09 PM

Application Version : 3.4.1000

Core Rules Database Version : 3164
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 00:58:33

Memory items scanned : 353
Memory threats detected : 0
Registry items scanned : 5305
Registry threats detected : 10
File items scanned : 75326
File threats detected : 172

Adware.Tracking Cookie

Malware.AntiVermins
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\DefaultIcon
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\DIDCreMgJdhj
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\fqUq
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InProcServer32
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\InProcServer32#ThreadingModel
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\kOcHVMrlPxul
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\oxzyv
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\wdvi
HKCR\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}\YelkyAxyb

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\MINE\APPLICATION DATA\WINANTISPYWARE2007FREEINSTALL[1].EXE

Adware.Accoona
C:\PROGRAM FILES\FILESUBMIT\BOOCUTIESSS.ZIP\ATOOLBAR400005.EXE
C:\PROGRAM FILES\FILESUBMIT\HAUNTHALLDT.EXE\ATOOLBAR400005.EXE
C:\PROGRAM FILES\FILESUBMIT\JACKOLANTERNJAM.EXE\ATOOLBAR400005.EXE

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\SANDS OF THE CARIBBEAN GE\CASINO.EXE

Trojan.NewDotNet
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP623\A0193097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP623\A0193102.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP659\A0219493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP659\A0219495.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP687\A0235089.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP690\A0235302.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235412.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235416.EXE
C:\WINDOWS\NDNUNINSTALL6_98.EXE
C:\WINDOWS\NDNUNINSTALL7_14.EXE
C:\WINDOWS\NDNUNINSTALL7_48.EXE

Trojan.Media-Codec
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP686\A0235028.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP686\A0235047.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP686\A0235065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235419.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235421.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235426.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0235427.ICO

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP695\A0235541.EXE

Trojan.NewDotNet-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP695\A0235542.EXE

Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP696\A0235897.DLL


Logfile of HijackThis v1.99.1
Scan saved at 6:17:42 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareBeGone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Begone] "C:\Program Files\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZGYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/pub/mcgraw-hill/sup...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#6 ms_pammy

Topic Starter

Posted 14 January 2007 - 06:25 PM

My gosh! By looking at the cookies, I'd better password protect my PC. Looks like the teenagers have been looking around a bit!!

#7 MFDnSC

Ret. Director I/T

Posted 14 January 2007 - 06:27 PM

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
====================

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
========================
Fix this with HiJackThis – mark it, close IE, click fix checked

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZGYYYYYYYYUS

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 ms_pammy


Posted 15 January 2007 - 10:22 AM

Sorry I didn't make it back yesterday... here is what I've done so far: I blocked the 3rd party cookies, downloaded the AVG AntiVirus, installed it and ran the scan.

However, I don't understand this part...

Fix this with HiJackThis – mark it, close IE, click fix checked

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZGYYYYYYYYUS

Can you please explain what to fix with hijack this?

Thanks again Pam

#9 MFDnSC


Posted 15 January 2007 - 10:24 AM

Run hijack scan only - go to that O8 entry - mark the box to the left of it - close IE - at the bottom of hijack click fix checked

#10 ms_pammy


Posted 15 January 2007 - 12:00 PM

Ohh Ok...Got it! Always wondered how to get rid of that, I have tried several times in remove programs!

Again I want to thank you...your help has been greatly appreciated! ((:

Pam

#11 MFDnSC


Posted 15 January 2007 - 12:01 PM

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#12 ms_pammy


Posted 15 January 2007 - 03:01 PM

Ok Done & Done! :thumbsup:



