Security Tool Bar 7.1 - Geeks to Go!

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

Security Tool Bar 7.1

Options

sbcroof View Member Profile	Sep 8 2007, 08:16 PM Post #1
New Member Posts: 3 OS: Windows XP	I got this spyware on my machine and followed some advice on here,but cannot get rid of it all. I got rid of the tool bar, but it will not let me keep yahoo as my hompage -changes it to about blank all the time. I also have the red blue icon in my lower right tool bar tray. Can anyone help?

sbcroof View Member Profile	Sep 9 2007, 06:47 AM Post #2
New Member Posts: 3 OS: Windows XP	I attached a copy of my HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:46:39 AM, on 9/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Video ActiveX Access\iesmn.exe C:\Program Files\Video ActiveX Access\iesmin.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qw2002.quicken.com/cgi-bin/qd.cgi/w...=4&sn=20110 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - C:\WINDOWS\system32\kzpkwj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 7855 bytes

sbcroof View Member Profile	Sep 9 2007, 07:38 AM Post #3
New Member Posts: 3 OS: Windows XP	Also Combofix Log ComboFix 07-09-09.4 - "Scott" 2007-09-09 9:03:27.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.58 [GMT -4:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\video activex access C:\Program Files\video activex access\iesbpl.dll C:\Program Files\video activex access\iesbunst.exe C:\Program Files\video activex access\iesmin.exe C:\Program Files\video activex access\iesmn.exe C:\Program Files\video activex access\iesunst.exe C:\Program Files\video activex access\ot.ico C:\Program Files\video activex access\ts.ico C:\setup.exe C:\WINDOWS\system32\drivers\ASC3550.SYS C:\WINDOWS\system32\wnsintsu.exe ((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 ))))))))))))))))))))))))))))))) . 2007-09-09 09:11 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\asc3550.sys 2007-09-09 09:11 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\asc3550.sys 2007-09-09 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-08 21:59 <DIR> d-------- C:\VundoFix Backups 2007-09-08 21:49 <DIR> d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-07-18 18:15 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-06-13 06:23 1033216 --------- C:\WINDOWS\explorer.exe 2006-10-14 16:53 563712 --------- C:\DOCUME~1\Scott\gotomypc_370.exe 2003-04-03 21:20 207759 --------- C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3C4699-B285-475F-BE47-0B26088CE876}] C:\Program Files\Video ActiveX Access\iesplg.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= C:\Program Files\Video ActiveX Access\iesbpl.dll [ ] [HKEY_CLASSES_ROOT\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 18:05] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00] "POINTER"="point32.exe" [] "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2004-12-11 12:04] "IPInSightMonitor 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 04:34] "IPInSightLAN 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 04:34] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 20:22] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 15:30] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-15 21:25] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-07 18:39] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 11:00:00] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-04-03 21:12:49] C:\DOCUME~1\Scott\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 11:00:00] PowerReg SchedulerV2.exe [2004-01-18 10:31:33] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 11:00:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{f39d0dee-b2f0-4591-9187-1cc39c1df98a}"= C:\WINDOWS\system32\kzpkwj.dll [2007-09-08 09:01 12800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe . Contents of the 'Scheduled Tasks' folder "2007-09-04 00:06:09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Scott.job" - C:\Program Files\Norton AntiVirus\Navw32.exe . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-09 09:19:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-09-09 9:35:04 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-09 09:34 . --- E O F ---

« Next Oldest · Malware Removal - HijackThis™ Logs Go Here · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Pop ups and security alert in tool bar that says network-ivirus. antiv	1 / 161	17th September 2006 - 02:11 AM jimdburd started - last by Noviciate
Security Tool Bar 7.1	7 / 613	6th September 2007 - 10:16 AM chcseattle started - last by Rawe
my start tool bar is gone	1 / 115	15th May 2008 - 02:05 PM Djgeek started - last by fawoodward
Tool Bar Sys_06.ocx [CLOSED]	3 / 159	11th June 2008 - 08:26 AM david james started - last by IndiGenus
Virus Alert in tool bar [CLOSED]	10 / 505	19th August 2008 - 11:40 AM Luxdragon started - last by Mike