No Programs Show Up In The Tool Bar


  • This topic is locked
17 replies to this topic

#1 Mitco39

Mitco39

  • Members
  • 20 posts

Posted 19 February 2007 - 12:12 AM

This is our company laptop and it has recently started acting very slow. Microsoft Word gets stuck on requesting a virus scan when opening it. The accounting programs open very slowly. This computer seems very congested with old files and I would like to get these problems fixed before I go and clean up the hard drive.
Thanks a lot in advance

Here is my HijackThis file

=============

Logfile of HijackThis v1.99.1
Scan saved at 10:02:24 PM, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Janice\My Documents\My Received Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 February 2007 - 04:14 AM

Welcome Mitco39 :thumbsup:

Could you reboot, rescan with HijackThis and post a new, whole log please.
The log you've posted is incomplete.
Thanks
:flowers:

#3 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 19 February 2007 - 01:09 PM

Here is the copy after a reboot and a rescan.


Logfile of HijackThis v1.99.1
Scan saved at 11:02:38 AM, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Janice\My Documents\My Received Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll

It looks the same as it did before?

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 February 2007 - 01:42 PM

It looks like you have a problem with Norton Antivirus, it's not running in Processes.
I suggest you do the following:

Either uninstall/reinstall it if you have the Norton Antivirus installation disk, or uninstall it from your system and install a freeware antivirus.
If you have the Norton install disk, go to Control Panel > Add or Remove Programs and remove it, then reboot, then reinstall it.

If there's no Norton uninstaller in Add\Remove Programs, download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Failing that, if you haven't got the Norton installation disk, do the following:
Download AVG Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_441a944.exe
Disconnect from the internet.
Uninstall Norton Antivirus [Norton Removal Tool], then reboot.
Install AVG Antivirus, update its definitions and run a full system virus scan.

When you've done the above, post a new HijackThis log please.

#5 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 19 February 2007 - 10:44 PM

Here is the log after the required was completed.



Logfile of HijackThis v1.99.1
Scan saved at 8:38:47 PM, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Janice\My Documents\My Received Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 February 2007 - 03:27 AM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*********************

Download DelDomains.zip and extract/unzip it to your desktop.
Now right-click on Deldomains.inf and choose 'Install'.
After right-clicking on Deldomains.inf and choosing 'Install' it will appear that nothing happened, this is normal.

*********************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*********************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab


Find and delete if present:
C:\Program Files\SideFind
C:\Program Files\NavExcel

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Antispyware report and a new Hijackthis log into your next reply please.
Let me know how the pc is running now.
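Added example, not part of the original posts and not code from HijackThis or BleepingComputer: a small Python check that parses HijackThis entry lines, lists the entries flagged "(file missing)", and confirms that every line on a 'Fix checked' list is gone from a follow-up log. The function names are hypothetical; the sample lines are excerpted from the logs in posts #5 and #7 and the fix list in post #6.

```python
import re
from typing import NamedTuple

# Entry lines in a HijackThis v1.99.1 log look like "O2 - BHO: ..." or "R0 - HKCU\...".
# Header lines and the running-process list do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O16"
    body: str      # text after "Ox - "
    clsid: str     # first CLSID in the body, upper-cased, or "" if none
    missing: bool  # True when the line ends with "(file missing)"


def parse_entries(log_text):
    """Return the registry/autostart entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             c.group(0).upper() if c else "",
                             body.endswith("(file missing)")))
    return entries


def key(entry):
    """Identity used to compare logs: section plus CLSID, or the full body."""
    return (entry.section, entry.clsid or entry.body)


def orphaned(entries):
    """Entries whose registration points at a file that no longer exists."""
    return [e for e in entries if e.missing]


def still_present(fix_list, after):
    """Entries from the fix list that survive in the follow-up log."""
    after_keys = {key(e) for e in after}
    return [e for e in fix_list if key(e) in after_keys]


def removed_between(before, after):
    """Entries in the earlier log that are absent from the later one."""
    after_keys = {key(e) for e in after}
    return [e for e in before if key(e) not in after_keys]


# Excerpt of the log in post #5 (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
"""

# The 'Fix checked' list from post #6.
FIX = r"""
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/18...e/bridge-c9.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
"""

# Excerpt of the follow-up log in post #7 (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
"""

if __name__ == "__main__":
    before, fix, after = (parse_entries(t) for t in (BEFORE, FIX, AFTER))
    print("orphaned before fix:", [e.body for e in orphaned(before)])
    print("fix entries still present:", still_present(fix, after))
    print("removed between logs:", [e.section for e in removed_between(before, after)])
```

Run over these excerpts, the comparison also shows the O15 Trusted Zone line absent from the later log, in addition to the five entries on the fix list.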

#7 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 20 February 2007 - 07:00 PM

The computer is running a little better, however the toolbar is still not showing the windows that are open :flowers:


Here is the New Hijack this and the AVG Reports

Thanks for your help so far :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 4:51:39 PM, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Janice\My Documents\My Received Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

==========================================



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:32:34 PM 21/02/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealhelper -> Adware.DealHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Adware.DealHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\dealhelper -> Adware.DealHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\dealhelper\KeyWord -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-4153434948-4166311935-279048624-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-4153434948-4166311935-279048624-1005\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-4153434948-4166311935-279048624-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTbar\imagemap_normal.bmp -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTbar\imagemap_over.bmp -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTbar\version.txt -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTbar\xml_istbar.xml -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTx.Installer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-4153434948-4166311935-279048624-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\Applications -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\Applications\ebatesver2.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\Applications\eeid33.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\Applications\sunclass.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\EbatesMoeMoneyMaker.inf -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\a.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\b.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ba.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bb.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bc.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bd.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\be.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bf.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bg.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bh.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bi.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bj.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bk.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bl.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bm.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bn.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bo.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bp.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bq.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\br.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bs.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bt.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bu.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bv.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bw.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bx.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\by.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\bz.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\c.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ca.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cb.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cc.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cd.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ce.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cf.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cg.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ch.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ci.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cj.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ck.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cl.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cm.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cn.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\co.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cp.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cq.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cr.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cs.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ct.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cu.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cv.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cw.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cx.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cy.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\cz.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\d.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\da.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\db.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dc.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dd.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\de.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\df.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dg.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dh.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\di.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dj.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dk.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dl.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dn.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dp.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dq.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dr.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ds.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dt.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\du.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dv.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dw.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dy.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\dz.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\e.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ea.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\eb.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ec.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\ed.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\f.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\g.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\h.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\i.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\j.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\k.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\l.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\m.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\n.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\p.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\q.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\r.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\s.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\t.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\u.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\v.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\w.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\x.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Code\y.class -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_couponsautoredir0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_couponsoffer1.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_preferences1.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\ebates_script0.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_clickhere.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashback.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashbck.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_no.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_submit.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_yes.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\clear.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebates.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebates1.ico -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebates1_hot.ico -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebateslogo1.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\logo_topmox.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_question.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_reminder.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_top.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_with_cash.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\Images\spacer.gif -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System\browsers.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System\loader.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System\personality.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System\shopping.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
C:\Program Files\EbatesMoeMoneyMaker\System\System\system.dls -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\NavExcel.NavHelper -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\NavExcel.NavHelper.1 -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\NavExcel.NavHelper\CLSID -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\NavExcel.NavHelper\CurVer -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavHelper -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NavExcel -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NavExcel\NavHelper -> Adware.NavExcel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NavExcel\NavHelper\v2.0.4d -> Adware.NavExcel : Cleaned with backup (quarantined).
C:\Documents and Settings\Janice\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Janice\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Program Files\Power Scan\powerscan.exe -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup (quarantined).
HKU\S-1-5-21-4153434948-4166311935-279048624-1005\Software\PowerScan -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SideFind.Finder -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SideFind.Finder.1 -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\data -> Downloader.IstBar.nh : Cleaned with backup (quarantined).


::Report end

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 February 2007 - 07:12 PM

Download and scan with the free 15 day trial of Counterspy.
Once installed, launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

***************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT', then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded, the scan will start.
The scan will take quite some time, so please be patient.
Once the scan has finished, select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All', then copy and paste that log into your next reply.

Reboot, post the Counterspy report, the BitDefender Online Scanner log, and a new Hijackthis log into your next reply please.
Let me know how it's running now.

#9 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 21 February 2007 - 05:48 PM

Can you give me another online scanner... This one doesn't work.

It will scan for a bit, then without warning the computer will just shut off.

If you could give me an alternative, it would be great.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 February 2007 - 06:08 PM

Try running this online virus scan: Activescan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.
Post the report with the Counterspy report please.

#11 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 21 February 2007 - 09:20 PM

Ok the scan completed but it did not allow me to correct the errors it found...here are the reports.

==================

Logfile of HijackThis v1.99.1
Scan saved at 7:13:58 PM, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Janice\My Documents\My Received Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

========================


Incident Status Location

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Janice\Cookies\janice@hitbox[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Janice\Cookies\janice@bluestreak[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Janice\Cookies\janice@atdmt[2].txt

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 February 2007 - 09:31 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Revert the following settings back to default:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
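A triage pass over the HijackThis entry format seen in this thread, as an added example that is not part of the original posts: it pulls out entries marked "(file missing)" and any Java runtime version embedded in a path, which is where the out-of-date Java in the note above is visible. The sample lines are copied from the log posted earlier in the thread; the function names and the 1.6.0 threshold (the internal version number of JRE 6.0) are assumptions.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Entry lines start with a section code (R0, O2, O9, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Sun JRE install directories look like jre1.5.0_04 (update number optional).
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", re.IGNORECASE)

# Assumption: the "JRE 6.0" named in the post installs as version 1.6.0.
MIN_JRE = (1, 6, 0, 0)


class Entry(NamedTuple):
    code: str    # section code, e.g. "O9"
    detail: str  # rest of the line after "<code> - "


def parse_entries(log_text):
    """Return the coded entries, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists on disk."""
    return [e for e in entries if e.detail.endswith("(file missing)")]


def jre_versions(entries):
    """Distinct JRE versions referenced anywhere in the entries."""
    found = set()
    for entry in entries:
        for match in JRE_RE.finditer(entry.detail):
            found.add(tuple(int(part or 0) for part in match.groups()))
    return sorted(found)


def outdated_jre(entries, minimum=MIN_JRE):
    """JRE versions older than the minimum; tuples compare field by field."""
    return [v for v in jre_versions(entries) if v < minimum]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print("leftover entry:", entry.code, entry.detail)
    for version in outdated_jre(parsed):
        print("outdated JRE: %d.%d.%d_%02d" % version)
```
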

#13 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 22 February 2007 - 12:25 AM

My toolbar still isn't working though? Nothing shows up there and I am constantly using the task manager to switch between windows. Any suggestions on what would be causing this?

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 22 February 2007 - 04:41 AM

My toolbar still isn't working though?

What toolbar are you referring to? Can you post more details please?

#15 Mitco39

Mitco39
  • Topic Starter

  • Members
  • 20 posts

Posted 22 February 2007 - 09:53 AM

The Windows tool bar. The one with the start button on it and the clock. I found out that if I turn off the quick launch on it, it disappears altogether, leaving me with no tool bar at all. It's weird, I never had this happen to me before.



