Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Alert Popup Problem


  • Please log in to reply
5 replies to this topic

#1 apacheteeth

apacheteeth

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 01 March 2007 - 10:39 PM

I have the same problem as another topic I found by tamarod, I have a security alert popup that leads to spyvermin among other sites. Here's my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:26 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe
D:\Program Files\BlueLight Internet\exec.exe
D:\Program Files\BlueLight Internet\exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mybluelight.com/s/sp?r=al&c...indate=20040707
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Image ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - D:\Program Files\BlueLight Internet\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [BlueLight_uoltray] D:\Program Files\BlueLight Internet\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] D:\RATIGA~1\RATIGA~1\RATIGA~1\SCHOOL\MESSAGES\STUFF\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\RATIGA~1\RATIGA~1\RATIGA~1\SCHOOL\MESSAGES\STUFF\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yinsthelper.dll
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

and... I think the ALCMTR.EXE was the problem and I saw it under my processes earlier...thanks

i also can't access adobe acrobat... when I go to the website http://www.physicspp.com and try to acces the physics textbook it keeps having some kind of application error... i don't know if they're related, or if its a seperate problem.

Edited by apacheteeth, 01 March 2007 - 10:41 PM.


BC AdBot (Login to Remove)

 


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:19 AM

Posted 02 March 2007 - 10:09 AM

Welcome to BC :thumbsup:

Please go to Add/Remove Programs and Remove the following:
System Alert Popup



Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
  • Double-click on SmitfraudFix.exe

    Posted Image

  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
  • In your next reply, please post the results of rapport.txt.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "Risk Tool". Its not a virus, but a program used to stop system precesses. Antivirus programs cannot distinguish between "good" and malicious" use of the such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Microsoft MVP Consumer Security--2007-2010

#3 apacheteeth

apacheteeth
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 02 March 2007 - 08:24 PM

SmitFraudFix v2.146

Scan done at 18:14:24.07, Fri 03/02/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\HP_Administrator


C:\Documents and Settings\HP_Administrator\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\HP_ADM~1\FAVORI~1

C:\DOCUME~1\HP_ADM~1\FAVORI~1\Online Security Test.url FOUND !

Desktop


C:\Program Files

C:\Program Files\Image ActiveX Object\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32


Scanning wininet.dll infection


End

#4 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:19 AM

Posted 03 March 2007 - 02:24 AM

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". See How to Boot in "SAFE MODE" tutorial if needed.
  • Double-click on SmitfraudFix.exe.
  • Select 2 and hit Enter to delete the infected files

    Posted Image
  • You will be prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace Infected file? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  • In your next reply, please include a fresh Hijackthis log and rapport log.
============================

Download and scan with SUPERAntiSypware Free for Home Users
alternate site
  • Double-click SUPERAntiSypware.exe to install and use the default settings for installation.
  • Run SUPERAntiSypware and update the definitions before scanning by selecting "Check for Udates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Deskto[
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default test editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • In your next reply, please post those results and include a fresh Hijackthis log.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.
Microsoft MVP Consumer Security--2007-2010

#5 apacheteeth

apacheteeth
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 04 March 2007 - 02:01 PM

These are the logs after doing the Safe Mode section:
Logfile of HijackThis v1.99.1
Scan saved at 7:33:41 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mybluelight.com/s/sp?r=al&c...indate=20040707
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - D:\Program Files\BlueLight Internet\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [BlueLight_uoltray] D:\Program Files\BlueLight Internet\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\RATIGA~1\RATIGA~1\RATIGA~1\SCHOOL\MESSAGES\STUFF\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yinsthelper.dll
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

SmitFraudFix v2.146

Scan done at 19:30:40.06, Sat 03/03/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Image ActiveX Object\ Deleted

Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


And these are the logs of the SuperAntiSpyware and an additional Hijackthis log:
SUPERAntiSpyware Scan Log
Generated 03/04/2007 at 10:36 AM

Application Version : 3.5.1016

Core Rules Database Version : 3193
Trace Rules Database Version: 1203

Scan type : Complete Scan
Total Scan Time : 00:56:54

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 6497
Registry threats detected : 11
File items scanned : 49064
File threats detected : 186

Neopets Toolbar
HKLM\Software\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32#ThreadingModel
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ProgID
C:\PROGRA~1\NEOPETS\TOOLBAR\TOOLBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD292324-974F-4224-D074-CACA427AA030}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CD292324-974F-4224-D074-CACA427AA030}
HKCR\Toolbar.Neopets
HKCR\Toolbar.Neopets\Clsid
HKU\S-1-5-21-1241260734-2240881449-3442659214-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{CD292324-974F-4224-D074-CACA427AA030}

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@click.cashengines[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.hbmediapro[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.drivecleaner[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.euroclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracking.publicidees[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@z1.adserver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.antivermins[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.analsexclips[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@citi.bridgetrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.entrepreneur[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nextag[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www2.addfreestats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@directtrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@estat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@icc.intellisrv[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stimorolsex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sitestats.tiscali.co[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@a.websponsors[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.2adultflashgames[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.newgrounds[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sex-porno.com[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adprofile[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.bridgetrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data4.perf.overture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dcs4z9z5284gol4nko46dauim_9c9l[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@qksrv[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.telegraph.co[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@edge.ru4[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webstats4u[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@LPearthlink2[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hentaicounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hits.clickandtrack[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.clickxchange[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.cnn[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.stopbounce[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@drivecleaner[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.cibleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats24[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anat.tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@belnk[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serviceswitching[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adknowledge[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@offeroptimizer[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.sex-porno.com[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@spylog[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hestia.sextrail.trakkerd[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@maxserving[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rapidresponse.directtrack[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@valueclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partner2profit[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@66693905[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@list[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.cpmstar[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cnn.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adecn[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.monster[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media5.sitebrand[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trackalyzer[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@f[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@top2[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@s1.shinystat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyoidjcao.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats1.reliablestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.goodcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracking.server.yahoo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data2.perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cs.sexcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.pestcapture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kanoodle[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.dmcmedia.co[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.xctrk[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webstat[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fhg.best-sex-galleries[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@coolsavings[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@precisionclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@3.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xxxcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@programs.wegcash[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickthrough.wegcash[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@banners.decisionmark[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@roi[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.addesktop[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cz9.clickzs[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sexmix[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.smartadserver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@downloadanimalsex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.buddyprofile[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@weborama[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rambler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@shinystat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.addynamix[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adtech[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@offers.intermediainteractive[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.hqzoosex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@banners.pictures.sprintpcs[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@entrepreneur[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@exitexchange[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.lair-alliance[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@campaign.indieclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.fimnetwork[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.sexmaxx[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adinterax[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracking.foxnews[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@canadapost.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@1.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dist.belnk[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@undefinedcollect.realmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@qnsr[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@animalsexfilez.animalsex-blog[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.macromedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paycounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnprod.oberon-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gostats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@4.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.0stats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@web4.realtracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@keywordmax[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sexmaxx[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toplist[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@click.zoopartners[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracker.affistats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.drivecleaner[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultcheck[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@usatoday1.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cz11.clickzs[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.downloadanimalsex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adlegend[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@ads.addynamix[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@mediaplex[1].txt

Browser Hijacker.Favorites
C:\RECYCLER\S-1-5-21-1241260734-2240881449-3442659214-1008\DC5.URL
C:\RECYCLER\S-1-5-21-1241260734-2240881449-3442659214-1008\DC6.URL



Logfile of HijackThis v1.99.1
Scan saved at 11:49:07 AM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\BlueLight Internet\exec.exe
D:\Program Files\BlueLight Internet\exec.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mybluelight.com/s/sp?r=al&c...indate=20040707
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - D:\Program Files\BlueLight Internet\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [BlueLight_uoltray] D:\Program Files\BlueLight Internet\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\RATIGA~1\RATIGA~1\RATIGA~1\SCHOOL\MESSAGES\STUFF\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Ratigan's Folder2\Ratigan's Folder2\Ratigan's Folder\School\Messages\y\Common\yinsthelper.dll
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:02:19 AM

Posted 04 March 2007 - 09:11 PM

Your log is clean!!!! :thumbsup:



Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...

===================================

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 onlySave it to your desktop

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

=============================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.



========================================

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  • Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  • If you don't have a Firewall installed, please choose from the following:
  • If you don't have a Anti-Virus installed, please download the following free program:
  • Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  • Surf Safe with McAfee's SiteAdisor. SiteAdisor will work with Internet Explorer and Mozilla Firefox. SiteAdisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown
    Here are the link to install SiteAdisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place]

Edited by sjpritch25, 04 March 2007 - 09:11 PM.

Microsoft MVP Consumer Security--2007-2010




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users