MyWebSearch removal



#1
bisan

I did the steps listed on the "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide".

After running the scans the first time, I deleted all my System Restore Points and scanned again.

Results for my scans are as follows:

AVG Anti-Spyware:
No reports available. I followed the configuration instructions carefully, but AVG Anti-Spyware would not give me a report for both of the scans I ran.
The first scan found some items and removed them.
The Quarantine Tab under Infections shows the following:
Origin: C:\RECYCLER\NPROTECT\01323838.EXE Infected with: Not-A-Virus.Adware.Comet Risk: Low
Origin: C:\Program Files\Screensavers.com\SSSUninst.exe Infected with: Adware.Generic Risk: Medium
Origin: C:\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDEsketopExe.exe Infected with: Adware.Generic Risk: Medium
Origin: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll Infected with: Adware.Minibug Risk: Medium
Origin: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Infected with: Adware.Aws Risk: Medium

The second scan only found some tracking cookies.

SUPERAntiSpyware Home Edition:
First Scan Results are as follows:

SUPERAntiSpyware Scan Log
Generated 02/01/2008 at 12:29 PM

Application Version : 3.6.1000

Core Rules Database Version : 3393
Trace Rules Database Version: 1385

Scan type : Complete Scan
Total Scan Time : 02:08:25

Memory items scanned : 539
Memory threats detected : 1
Registry items scanned : 7394
Registry threats detected : 56
File items scanned : 100462
File threats detected : 6

Adware.MyWebSearch

Registry Cleaner Trial
HKCR\.03
HKCR\03_auto_file
HKCR\03_auto_file\shell
HKCR\03_auto_file\shell\edit
HKCR\03_auto_file\shell\edit\command

Trojan.Spyware Stormer

The results for the second scan are as follows:
SUPERAntiSpyware Scan Log
Generated 02/02/2008 at 01:16 AM

Application Version : 3.6.1000

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:39:51

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 6663
Registry threats detected : 0
File items scanned : 92824
File threats detected : 0

Online - Panda Activescan

The log for the first Scan is as follows:
Incident Status Location

Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\zj2b8vj3.default\cookies.txt[.atdmt.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
Virus:Generic Malware Disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
Virus:Generic Malware Disinfected C:\Program Files\WildTangent\Components\wtPropertyBag0200.dll


The results for the second scan are as follows:

Incident Status Location

Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL


This PC previously had a version of Norton Online Security provided by our ISP.
I read that ESET NOD32 Antivirus used less system resources than Norton so I uninstalled Norton.
After installing ESET NOD32 Antivirus I ran a scan.
The ESET NOD32 Scan log file is as follows:

Scan Log
Version of virus signature database: 2845 (20080202)
Date: 2/2/2008 Time: 10:33:18 AM
Scanned disks, folders and files: C:\
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL - Win32/Toolbar.Morpheus application - cleaned by deleting - quarantined [1]
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined [1]
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000059.DLL - Win32/Toolbar.Morpheus application - cleaned by deleting - quarantined [1]
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000060.DLL - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined [1]
Number of scanned objects: 280860
Number of threats found: 4
Time of completion: 11:17:15 AM Total scanning time: 2637 sec (00:43:57)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

ESET removed some of MyWebSearch, but it still seems that it has not been completely deleted.

Edited by bisan, 03 February 2008 - 02:59 PM.


#2
bisan

My HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:50 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...enusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - http://www.spybounce...gdownloader.ocx
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146099115781
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) - http://www.zuvio.com...SiteInstall.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...403/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12067 bytes

Uninstall List is as follows:

1000 Borders & Backgrounds
101 Dalmatians StoryBook
3D Font Maker
Acronis True Image Home
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Advanced Drawing
AGSolitaire
All Holiday Clip Art
Amazing Calendar Maker
American Greetings Design Art Collection
American Greetings Spiritual Expressions 1.00
American Greetings® Art & More Store
American Greetings® Scrapbooks & More!
ArcSoft Media Card Companion
AT&T Yahoo! Applications
AVG Anti-Spyware 7.5
AZZ Cardfile
Barbie Magic Hair Styler
BookWorm Deluxe 1.01
BroadJump Client Foundation
Canon Photo, Home Edition
CCleaner (remove only)
CheckIt Diagnostics
Classic PhoneTools
ClickArt Celebrations & Holidays 2
ClickArt® Gallery
Click'N Design 3D (V5)
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Crayola Magic 3D Coloring Book
CreataCard Gold 3
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Dell Support 5.0.0 (766)
DH Driver Cleaner.NET
Digital Line Detect
DVDSentry
Easy CD Creator 5 Basic
ESET NOD32 Antivirus
God Bless America Deluxe Screen Savers
greenstreet Picture Browser
Hallmark Scrapbook Studio Deluxe
HijackThis 2.0.2
hp deskjet 5600
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Kaspersky Anti-Virus 6.0 SOS
Kaspersky Anti-Virus 6.0 SOS
Kid Pix Studio Deluxe
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Mathematics Worksheet Factory Lite 2.0
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Mighty Math Carnival Countdown
Mighty Math Zoo Zillions
Modem Helper
Mozilla Firefox (2.0.0.11)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MyDVD
Netscape Navigator 4.04
NVIDIA Drivers
OLYMPUS CAMEDIA Master 2.5
OneTouch Version 3.0
Paint Shop Pro 7
Panda ActiveScan
PaperPort 7.02
Personal PhotoAlbums
Personal PhotoCalendars
Personal PhotoCards
Photo Organizer
PowerDVD
PrintMaster 12
QuickTime
QuickVerse 7.0
RealPlayer
Science House
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shockwave
Shutterfly Studio
Sierra Print Artist 6.0
Simply Kids
Simply Recreation
Simply School Days
Simply Vacations
Simply Vintage
Sound Blaster Live!
Stationery Maker with Wizards
StuffIt Standard
SUPERAntiSpyware Free Edition
The Print Shop 12
Total Internet
Total Internet™ Messenger
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Virtools 3D Life Player
Visual IP InSight(SBC)
WildTangent Web Driver
Willow Road Screen Art
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinZip
Wrap It 1.01

Besides the MyWebSearch removal, there seem to be entries for programs I have uninstalled listed in the HJT log. Please advise which obsolete entries can be removed.
Any other suggestions to speed up my PC would be appreciated.
  • 0





