Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Slow/Freezing Internet Explorer. Linkoptimizer?

Started by CHORE , Jul 28 2006 02:52 PM

Please log in to reply

#1
CHORE

Posted 28 July 2006 - 02:52 PM

Member

Member
15 posts

My Internet Explorer has been running slowly, particularly when I open a new window. Additionally, whenever I make a Google search, a bogus anti-malware ad pops up. I noticed a program called "Linkoptimizer" in my "Add/Remove Programs" list.

Here's my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:00:00 PM, on 7/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\21ad72c5.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\FSScrCtl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A3463422-100A-6767-1DAE-9865BA77137A} - C:\WINDOWS\kfjei1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [21ad72c5.exe] C:\WINDOWS\System32\21ad72c5.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [21ad72c5.exe] C:\Documents and Settings\user\Local Settings\Application Data\21ad72c5.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154106735312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Thanks for your help!

#2
sari

Posted 31 July 2006 - 11:30 AM

GeekU Admin

Community Leader
21,805 posts

CHORE,

Hi, and welcome to Geeks to Go. I'm sorry you've had to wait - it's been busy here.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A3463422-100A-6767-1DAE-9865BA77137A} - C:\WINDOWS\kfjei1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [21ad72c5.exe] C:\WINDOWS\System32\21ad72c5.exe
O4 - HKCU\..\Run: [21ad72c5.exe] C:\Documents and Settings\user\Local Settings\Application Data\21ad72c5.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\System32\21ad72c5.exe
C:\Documents and Settings\user\Local Settings\Application Data\21ad72c5.exe

After that, Reboot.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
If it wants to install an ActiveX component allow it
Select either Home User or Company
Click the big Scan Now button
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please include a new hijackthis report and the Activescan report in your log.

Thanks,

sari

#3
CHORE

Posted 31 July 2006 - 03:13 PM

Member

Topic Starter
Member
15 posts

Sari -

Thanks for your help!
Here are the new logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:23:44 PM, on 7/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154106735312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Incident Status Location

Adware:adware/ieloader Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/spywaresheriff Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/wetoffice Not disinfected Windows Registry
Adware:adware/spywaresoftstop Not disinfected Windows Registry
Adware:adware/mmediapd Not disinfected Windows Registry
Adware:adware/click Not disinfected Windows Registry
Adware:adware/quantos Not disinfected Windows Registry
Spyware:spyware/browseraccelerator Not disinfected Windows Registry
Adware:adware/wmmafia Not disinfected Windows Registry
Adware:adware/sinabar Not disinfected Windows Registry
Adware:adware/psic Not disinfected Windows Registry
Adware:adware/ourxin Not disinfected Windows Registry
Adware:adware/idonate Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Adware:adware/eztracks Not disinfected Windows Registry
Adware:adware/roogoo Not disinfected Windows Registry
Adware:adware/targetad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/gator.gotsmiley Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/trustin Not disinfected Windows Registry
Adware:adware/vog Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/flyswat Not disinfected Windows Registry
Adware:adware/ready2wear Not disinfected Windows Registry
Spyware:spyware/searchnet Not disinfected Windows Registry
Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
Adware:adware/shorty Not disinfected Windows Registry
Adware:adware/spyfalcon Not disinfected Windows Registry
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/adwaresheriff Not disinfected Windows Registry
Adware:adware/confusearch Not disinfected Windows Registry
Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
Adware:adware/youcouldwinthis Not disinfected Windows Registry
Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
Adware:adware/spywarestrike Not disinfected Windows Registry
Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
Adware:adware/fchelp Not disinfected Windows Registry
Adware:adware/rbtoolbar Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
Adware:adware/startpage.anl Not disinfected Windows Registry
Adware:adware/crystalys Not disinfected Windows Registry
Adware:adware/adwhere Not disinfected Windows Registry
Adware:adware/winhound Not disinfected Windows Registry
Adware:adware/cws.payfortraffic Not disinfected Windows Registry
Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
Adware:adware/enhancemsearch Not disinfected Windows Registry
Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
Adware:adware/borlander Not disinfected Windows Registry
Adware:adware/mytoolbar Not disinfected Windows Registry
Adware:adware/cws.ezsearch Not disinfected Windows Registry
Adware:adware/ipend Not disinfected Windows Registry
Adware:adware/pigsearch Not disinfected Windows Registry
Adware:adware/securitytoolbar Not disinfected Windows Registry
Adware:adware/sweetbar Not disinfected Windows Registry
Adware:adware/syslibie Not disinfected Windows Registry
Adware:adware/videoc Not disinfected Windows Registry
Adware:adware/spyaxe Not disinfected Windows Registry
Adware:adware/falkag Not disinfected Windows Registry
Adware:adware/zeropopup Not disinfected Windows Registry
Adware:adware/webext Not disinfected Windows Registry
Adware:adware/bdnl Not disinfected Windows Registry
Adware:adware/masterbar Not disinfected Windows Registry
Adware:adware/ist.csearch Not disinfected Windows Registry
Adware:adware/cramtoolbar Not disinfected Windows Registry
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/cashsaver Not disinfected Windows Registry
Adware:adware/bonzibuddy Not disinfected Windows Registry
Adware:adware/blowsearch Not disinfected Windows Registry
Adware:adware/affilred Not disinfected Windows Registry
Adware:adware/adultlinks Not disinfected Windows Registry
Adware:adware/adservernow Not disinfected Windows Registry
Adware:adware/adbars Not disinfected Windows Registry
Adware:adware/cashdeluxe Not disinfected Windows Registry
Potentially unwanted tool:application/errorguard Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
Adware:adware/mpgcom Not disinfected Windows Registry
Adware:adware/surfassistant Not disinfected Windows Registry
Adware:adware/morwillsearch Not disinfected Windows Registry
Adware:adware/infocrawler Not disinfected Windows Registry
Adware:adware/adcom Not disinfected Windows Registry
Adware:adware/easyerror Not disinfected Windows Registry
Adware:adware/weblookup Not disinfected Windows Registry
Adware:adware/customtoolbar Not disinfected Windows Registry
Dialer:dialer.dkf Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
Adware:adware/quickbar Not disinfected Windows Registry
Dialer:dialer.dji Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C24626A-CC0D-49d6-8454-AAA5B97D4410}
Dialer:dialer.dip Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}
Adware:adware/2search Not disinfected Windows Registry
Adware:adware/upspiralbar Not disinfected Windows Registry
Adware:adware/uppcbar Not disinfected Windows Registry
Adware:adware/5-search Not disinfected Windows Registry
Adware:adware/bondreal Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Potentially unwanted tool:application/winfixer2005 Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
Adware:adware/securityerror Not disinfected Windows Registry
Adware:adware/mediaplex Not disinfected Windows Registry
Adware:adware/favadd Not disinfected Windows Registry
Adware:adware/windrv Not disinfected Windows Registry
Adware:adware/ddos Not disinfected Windows Registry
Adware:adware/activshopper Not disinfected Windows Registry
Adware:adware/mariasearch Not disinfected Windows Registry
Adware:adware/ieplus Not disinfected Windows Registry
Adware:adware/bestsearchengine Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/searchresults Not disinfected Windows Registry
Adware:adware/cws.customie Not disinfected Windows Registry
Adware:adware/block-checker Not disinfected Windows Registry
Dialer:dialer.cso Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BC36767-3FCC-4948-8A13-703F887A3E87}
Adware:adware/adblock Not disinfected Windows Registry
Adware:adware/thingies Not disinfected Windows Registry
Adware:adware/spyblast Not disinfected Windows Registry
Adware:adware/enhsrch Not disinfected Windows Registry
Adware:adware/riversoft Not disinfected Windows Registry
Adware:adware/invisiblepop Not disinfected Windows Registry
Adware:adware/henbang Not disinfected Windows Registry
Adware:adware/stripplayer Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/appoli Not disinfected Windows Registry
Adware:adware/bdsearch Not disinfected Windows Registry
Adware:adware/gxb Not disinfected Windows Registry
Adware:adware/veevo Not disinfected Windows Registry
Dialer:dialer.bnz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}
Adware:adware/searchexplorer Not disinfected Windows Registry
Dialer:dialer.bmt Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8512B008-B0AA-451F-A744-A289FD8FFDE6}
Adware:adware/popupdefence Not disinfected Windows Registry
Adware:adware/seekseek Not disinfected Windows Registry
Adware:adware/winres Not disinfected Windows Registry
Dialer:dialer.bkj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E}
Adware:adware/browserplugin Not disinfected Windows Registry
Adware:adware/clicker.b Not disinfected Windows Registry
Adware:adware/surfplugin Not disinfected Windows Registry
Adware:adware/consumeralertsystem Not disinfected Windows Registry
Adware:adware/afaenhance Not disinfected Windows Registry
Adware:adware/seeqbar Not disinfected Windows Registry
Adware:adware/alibabar Not disinfected Windows Registry
Adware:adware/dudu Not disinfected Windows Registry
Adware:adware/hoonter Not disinfected Windows Registry
Adware:adware/ietoolbar Not disinfected Windows Registry

#4
sari

Posted 31 July 2006 - 03:18 PM

GeekU Admin

Community Leader
21,805 posts

CHORE,

Could you make sure your activescan log didn't get cut off? It's pretty long, and you may need 2 posts to get it all.

Thanks,

sari

#5
CHORE

Posted 31 July 2006 - 03:48 PM

Member

Topic Starter
Member
15 posts

Here's the 2nd half -- sorry about that

Adware:adware/psguard Not disinfected Windows Registry
Adware:adware/oemji Not disinfected Windows Registry
Adware:adware/winstat Not disinfected Windows Registry
Adware:adware/diytoolbar Not disinfected Windows Registry
Adware:adware/moneygainer Not disinfected Windows Registry
Adware:adware/weirdontheweb Not disinfected Windows Registry
Adware:adware/antivirus-gold Not disinfected Windows Registry
Adware:adware/kz515 Not disinfected Windows Registry
Adware:adware/miamore Not disinfected Windows Registry
Dialer:dialer.cbz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17243282-24D7-01A5-B2CE-4AD63FBA0B93}
Adware:adware/g-search Not disinfected Windows Registry
Adware:adware/bigtrafficnet Not disinfected Windows Registry
Adware:adware/maxifiles Not disinfected Windows Registry
Spyware:spyware/lefeat Not disinfected Windows Registry
Adware:adware/craft Not disinfected Windows Registry
Adware:adware/aurora Not disinfected Windows Registry
Adware:adware/digitalnames Not disinfected Windows Registry
Adware:adware/redbanner Not disinfected Windows Registry
Adware:adware/coolsavings Not disinfected Windows Registry
Adware:adware/richfind Not disinfected Windows Registry
Adware:adware/ctxpopup Not disinfected Windows Registry
Adware:adware/stickypops Not disinfected Windows Registry
Adware:adware/startpage.wl Not disinfected Windows Registry
Adware:adware/startpage.wh Not disinfected Windows Registry
Adware:adware/wazzup Not disinfected Windows Registry
Adware:adware/imgiant Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{630D6140-04C5-4db0-B27A-020D766FF09B}
Adware:adware/ezcybersearch Not disinfected Windows Registry
Adware:adware/advertor Not disinfected Windows Registry
Adware:adware/novo Not disinfected Windows Registry
Adware:adware/baidubar Not disinfected Windows Registry
Adware:adware/xmllib Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Adware:adware/virmaid Not disinfected Windows Registry
Adware:adware/startpage.acd Not disinfected Windows Registry
Adware:adware/popuper Not disinfected Windows Registry
Adware:adware/premiumsearch Not disinfected Windows Registry
Adware:adware/mshtmpre Not disinfected Windows Registry
Adware:adware/nowfind Not disinfected Windows Registry
Adware:adware/startpage.abr Not disinfected Windows Registry
Adware:adware/bluescreenwarning Not disinfected Windows Registry
Dialer:dialer.avv Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600F23ED-5F29-49FF-1678-0E780F1A0814}
Adware:adware/d9x Not disinfected Windows Registry
Adware:adware/startpage.aai Not disinfected Windows Registry
Adware:adware/iebar Not disinfected Windows Registry
Potentially unwanted tool:application/eblaster Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}
Adware:adware/startpage.aaf Not disinfected Windows Registry
Spyware:spyware/way4find Not disinfected Windows Registry
Adware:adware/abox Not disinfected Windows Registry
Adware:adware/admess Not disinfected Windows Registry
Adware:adware/startpage.kc Not disinfected Windows Registry
Adware:adware/gogotools Not disinfected Windows Registry
Dialer:dialer.asl Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042EEA26-2402-4E5A-B5BB-0FB445A5526E}
Adware:adware/77ttt Not disinfected Windows Registry
Adware:adware/hotoffers Not disinfected Windows Registry
Adware:adware/mediaback Not disinfected Windows Registry
Adware:adware/iguard Not disinfected Windows Registry
Adware:adware/topspyware Not disinfected Windows Registry
Adware:adware/adultlt Not disinfected Windows Registry
Adware:adware/adsmart Not disinfected Windows Registry
Adware:adware/searchforit Not disinfected Windows Registry
Adware:adware/pacimedia Not disinfected Windows Registry
Adware:adware/gatorclone Not disinfected Windows Registry
Adware:adware/popularsearches Not disinfected Windows Registry
Adware:adware/searcher Not disinfected Windows Registry
Adware:adware/navipromo Not disinfected Windows Registry
Potentially unwanted tool:application/iwon Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3001A8A6-2BE1-11D4-AEDE-0050DAC24E8F}
Adware:adware/abxsearch Not disinfected Windows Registry
Adware:adware/webdir Not disinfected Windows Registry
Dialer:dialer.ags Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A41C6220-6F42-4646-B119-FBE6F4D38E3C}
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/ipbill Not disinfected Windows Registry
Dialer:dialer.afa Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14051602-5C4E-11d6-916B-00E02964E8E3}
Adware:adware/winad Not disinfected Windows Registry
Dialer:dialer.adn Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02}
Dialer:dialer.adm Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCDB34A6-C1A6-4C89-9526-E84A579A0EF7}
Adware:adware/delta Not disinfected Windows Registry
Adware:adware/coolsearchhome Not disinfected Windows Registry
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/clearsurfing Not disinfected Windows Registry
Adware:adware/toolbarins Not disinfected Windows Registry
Dialer:dialer.aas Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33331111-1111-1111-1111-622221193458}
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/iemenuextension Not disinfected Windows Registry
Adware:adware/otx Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Adware:adware/looksmart Not disinfected Windows Registry
Adware:adware/cws.nfo Not disinfected Windows Registry
Adware:adware/toolbarsimbar Not disinfected Windows Registry
Spyware:spyware/iehelp Not disinfected Windows Registry
Dialer:dialer.za Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6addbf-8227-4d36-ae46-116afbdafca0}
Dialer:dialer.yz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02C20140-76F8-4763-83D5-B660107B7A90}
Dialer:dialer.yy Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23273a1c-c870-43c4-a3e3-67dc98630ac6}
Dialer:dialer.yx Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB}
Adware:adware/commandertoolbar Not disinfected Windows Registry
Adware:adware/startpage.qh Not disinfected Windows Registry
Dialer:dialer.yc Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96b01a48-1317-4a87-91f7-10116f755705}
Spyware:spyware/linkreplacer Not disinfected Windows Registry
Adware:adware/cws.searchmeup Not disinfected Windows Registry
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/findspy Not disinfected Windows Registry
Adware:adware/cleangetaway Not disinfected Windows Registry
Adware:adware/xrenoder Not disinfected Windows Registry
Adware:adware/mybhospy Not disinfected Windows Registry
Dialer:dialer.xs Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ceb29da4-7afa-4f24-b3cd-17351d590df0}
Spyware:spyware/petro-line Not disinfected Windows Registry
Adware:adware/btgrab Not disinfected Windows Registry
Adware:adware/gigabar Not disinfected Windows Registry
Adware:adware/hungryhands Not disinfected Windows Registry
Spyware:spyware/lowzones Not disinfected Windows Registry
Adware:adware/24-7-search Not disinfected Windows Registry
Dialer:dialer.xe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware program Not disinfected Windows Registry
Adware:adware/neon Not disinfected Windows Registry
Adware:adware/dailytoolbar Not disinfected Windows Registry
Adware:adware/browvil Not disinfected Windows Registry
Adware:adware/adshooter Not disinfected Windows Registry
Adware:adware/interkey Not disinfected Windows Registry
Adware:adware/globosearch Not disinfected Windows Registry
Adware:adware/ro2cn Not disinfected Windows Registry
Spyware:spyware/search3 Not disinfected Windows Registry
Spyware:spyware/escorcher Not disinfected Windows Registry
Spyware:spyware/fastsearchweb Not disinfected Windows Registry
Adware:adware/searchrelevancy Not disinfected Windows Registry
Spyware:spyware/surfsidekick Not disinfected Windows Registry
Adware:adware/stiebar Not disinfected Windows Registry
Spyware:spyware/iesearchtoolbar Not disinfected Windows Registry
Spyware:spyware/whazit Not disinfected Windows Registry
Adware:adware/mycustomie Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Dialer:dialer.vm Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F}
Adware:adware/fastvideoplayer Not disinfected Windows Registry
Adware:adware/startpage.na Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Adware:adware/ebgames Not disinfected Windows Registry
Adware:adware/mytotalsearch Not disinfected Windows Registry
Spyware:spyware/bundleware Not disinfected Windows Registry
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/superspider Not disinfected Windows Registry
Spyware:spyware/spydeleter Not disinfected Windows Registry
Adware:adware/worldsearch Not disinfected Windows Registry
Spyware:spyware/shazaa Not disinfected Windows Registry
Adware:adware/getup Not disinfected Windows Registry
Adware:adware/quickbrowser Not disinfected Windows Registry
Adware:adware/mssearch Not disinfected Windows Registry
Adware:adware/startpage.mc Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/clkoptimizer Not disinfected Windows Registry
Adware:adware/powersearch Not disinfected Windows Registry
Adware:adware/kingporn Not disinfected Windows Registry
Adware:adware/iesearchbar Not disinfected Windows Registry
Adware:adware/thelocalsearch Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29D67D3C-509A-4544-903F-C8C1B8236554}
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/clocksync Not disinfected Windows Registry
Adware:adware/e2give Not disinfected Windows Registry
Adware:adware/tubby Not disinfected Windows Registry
Adware:adware/sgrunt Not disinfected Windows Registry
Spyware:spyware/marketscore Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Adware:adware/freescratch Not disinfected Windows Registry
Adware:adware/megasearch Not disinfected Windows Registry
Adware:adware/surebar Not disinfected Windows Registry
Adware:adware/locator Not disinfected Windows Registry
Adware:adware/midaddle Not disinfected Windows Registry
Adware:adware/searchsquire Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Spyware:spyware/omi Not disinfected Windows Registry
Adwar

#6
sari

Posted 01 August 2006 - 01:47 PM

GeekU Admin

Community Leader
21,805 posts

CHORE,

That log is obviously too big to post the whole thing, and I'd like to get that cleaned up before we move ahead.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Double-click sspsetup1.exe to install it.
Before installation it may ask you to check for program updates. Click YES.
Then finish installation leaving all the default options.
Once the program is installed, it will ask if you wish to reboot now choose YES.
We need to go into Safe Mode from here. To get into Safe Mode, while your computer is restarting continually tap the F8 key until a menu appears. User your up arrow key to highlight Safe Mode then hit enter.
Open SpySweeper, by double-clicking the icon on your desktop.
If will ask you if you want to run the Diagnostic version of SpySweeper click YES.
You will receive a prompt telling you it's running in Diagnostic version. Click OK.
Click Options on the left side (towards the bottom).
Click the Sweep tab.
Under Items to Sweep make sure the following are checked:
- Windows registry
- Memory objects
- Cookies
- Compressed Files
- System Restore Folder
Under Other Options make sure the following are checked:
- Sweep all user accounts
- Enable Direct Disk Sweeping
- Sweep for rootkits
Click OK. Click Start.
When it's done scanning, it will list any items found. Click Next.
Make sure everything found has a check next to it and click Next.
It will quarantine all items found.
Click Session Log in the lower left corner.
Click Save to File and save it on your desktop.
Close SpySweeper.
Restart your computer into normal Windows.
Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
If for some reason you didn't save the log you can get to it by clicking Options on the left. Then, View Session Log will be listed under Other Options.

Thanks,

sari

#7
CHORE

Posted 02 August 2006 - 11:08 AM

Member

Topic Starter
Member
15 posts

Here is the Spy Sweeper Log:

11:15 AM: Your spyware definitions have been updated.
Operation: File Access
Target:
Source: C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
11:15 AM: Tamper Detection
11:15 AM: IE Tracking Cookies Shield: Off
11:14 AM: IE Tracking Cookies Shield: Removed tribalfusion cookie
11:14 AM: IE Tracking Cookies Shield: Removed trafficmp cookie
11:14 AM: IE Tracking Cookies Shield: Removed serving-sys cookie
11:14 AM: IE Tracking Cookies Shield: Removed realmedia cookie
11:14 AM: IE Tracking Cookies Shield: Removed fastclick cookie
11:14 AM: IE Tracking Cookies Shield: Removed casalemedia cookie
11:14 AM: IE Tracking Cookies Shield: Removed atwola cookie
11:14 AM: IE Tracking Cookies Shield: Removed atlas dmt cookie
11:14 AM: IE Tracking Cookies Shield: Removed advertising cookie
11:14 AM: IE Tracking Cookies Shield: Removed pointroll cookie
11:14 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie
11:14 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
11:14 AM: IE Tracking Cookies Shield: On
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:13 AM: Shield States
11:13 AM: Spyware Definitions: 691
11:12 AM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\TASKMGR.EXE
11:10 AM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
Source: C:\WINDOWS\SYSTEM32\TASKMGR.EXE
11:10 AM: Tamper Detection
9:26 AM: The Spy Communication shield has blocked access to: PROMPT.ZANGOCASH.COM
9:26 AM: The Spy Communication shield has blocked access to: PROMPT.ZANGOCASH.COM
9:26 AM: The Spy Communication shield has blocked access to: PROMPT.ZANGOCASH.COM
9:26 AM: The Spy Communication shield has blocked access to: PROMPT.ZANGOCASH.COM
Operation: File Access
Target:
Source: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGW.EXE
8:00 AM: Tamper Detection
11:35 PM: BHO Shield: found: -- BHO installation allowed at user request
8:06 PM: Messenger service has been disabled.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:06 PM: Shield States
8:06 PM: Spyware Definitions: 691
8:05 PM: Spy Sweeper 5.0.5.1286 started
8:05 PM: Spy Sweeper 5.0.5.1286 started
8:05 PM: | Start of Session, Tuesday, August 01, 2006 |
********

Here is also a fresh HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:17 AM, on 8/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154106735312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by CHORE, 02 August 2006 - 11:10 AM.

#8
sari

Posted 02 August 2006 - 01:59 PM

GeekU Admin

Community Leader
21,805 posts

CHORE,

I realized you have 3 anti-virus programs running. This will cause conflicts and slowness. If your Norton subscription is not up-to-date, I would recommend uninstalling that program. AVG Free and Avast are both good programs, but you only need one, so please uninstall one of those as well.

Please review the Spysweeper instructions. Are you sure you clicked the Start button after setting the options in the Sweep tab? Your log doesn't indicate that Spysweeper actually scanned or fixed anything. Could you please try again?

Thanks,

sari

#9
CHORE

Posted 03 August 2006 - 10:37 PM

Member

Topic Starter
Member
15 posts

sari-

sorry for the slow reply, finals for summer school were up this week.

anyway, i've run spy sweeper twice now, and it's removerd a bunch of spy cookies as well as spyware quake, but the log i save is nowhere to be found once i log back in to unsafe mode. Procedure?

thanks,
chore

#10
sari

Posted 06 August 2006 - 08:10 AM

GeekU Admin

Community Leader
21,805 posts

CHORE,

Please try this in spysweeper:

Re-open Spysweeper, and click Options on the left. Then, View Session Log will be listed under Other Options.

Please post that log.

Thanks,

sari