Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please, please, please Help [CLOSED]

Started by murphy_karena , Jun 27 2004 01:28 PM

  • This topic is locked This topic is locked

#1
murphy_karena
Posted 27 June 2004 - 01:28 PM

murphy_karena

    New Member

  • Member
  • Pip
  • 3 posts
My computer has been hijacked by allaboutsearching.com. I am getting a ton of pop-ups and my homepage keeps getting directed to allaboutsearching.com. My computer is also running painfully slow.

I have been trying for a while to get rid of this spyware but I have been unsuccessful. I have been reading the posts here and I have run Spybot, CWS Shredder and AdAware.

AdAware found a lot of problems but when I deleted them I think I deleted something important because I could no longer get online. I had to restore what I deleted and I could get back online but, of course, the spyware is still there.

I also downloaded a pop-up blocker called StopZilla just so my computer will run. I have a feeling this might be Spyware as well because at one point I tried to uninstall it and my computer got worse. I reinstalled it so I can at least get online to get help for this problem.

I don’t know much about computers at all so I was wondering if there is someone out there that can help me. This has been a very frustrating experience.

I will post my hijack this as well as my AdAware scan. I have changed by homepage back to www.msn.com but if I reboot it will go back to allaboutsearching.com

Here are my scans:

Logfile of HijackThis v1.97.7
Scan saved at 3:22:16 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatr...nline/setup.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab



Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, June 27, 2004 2:59:26 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


6-27-2004 2:59:26 PM - Scan started. (Custom mode)


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

ClearSearch Object recognized!
Type : File
Data : clrschp072.exe
Object : C:\
FileSize : 76 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:26 PM
Last modified : 8/20/2003 6:11:00 PM



WhenU Object recognized!
Type : File
Data : saveinstcssm.exe
Object : C:\
FileSize : 387 KB
FileVersion : 2, 5, 4, 1
ProductVersion : 2, 5, 4, 1
Copyright : Copyright 2000
CompanyName : WhenU.com, Inc.
FileDescription : Save! Setup
InternalName : SaveInstCsSm
OriginalFilename : SaveInstCsSm.exe
ProductName : Save! Setup
Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:27 PM
Last modified : 12/10/2003 7:02:50 PM



Tracking Cookie Object recognized!
Type : File
Data : bill@advertising[1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/24/2004 3:25:24 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@atdmt[2].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/19/2004 11:02:46 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@doubleclick[1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/21/2004 11:20:00 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/19/2004 11:02:50 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@hitbox[1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/19/2004 11:02:50 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@lop[1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/24/2004 3:15:26 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@mediaplex[1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/19/2004 11:01:06 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/24/2004 3:25:22 AM



Tracking Cookie Object recognized!
Type : File
Data : bill@sexlist[2].txt
Object : C:\Documents and Settings\Bill\Cookies\

Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:49 PM
Last modified : 6/21/2004 11:24:26 PM



Verticity Object recognized!
Type : File
Data : 3.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\ckz3358c5bf\Files\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : 3
OriginalFilename : 3.exe
ProductName : Uninstall
Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:53 PM
Last modified : 9/22/2003 7:05:12 PM



Verticity Object recognized!
Type : File
Data : 5.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\ckz3358c5bf\Files\
FileSize : 20 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : 5
OriginalFilename : 5.exe
ProductName : Project1
Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:53 PM
Last modified : 5/5/2003 3:42:54 PM



TurboDownload Object recognized!
Type : File
Data : iedriver.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\ckz3358c5bf\Files\
FileSize : 152 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity Pakistan (Pvt) Ltd.
InternalName : IEDRIVER
OriginalFilename : IEDRIVER.EXE
ProductName : Internet Explorer Driver
Created on : 6/24/2004 12:59:01 PM
Last accessed : 6/27/2004 6:59:53 PM
Last modified : 9/18/2003 6:48:12 PM



Verticity Object recognized!
Type : File
Data : ieupdate.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\ckz3358c5bf\Files\
FileSize : 120 KB
FileVersion : 2.00.0003
ProductVersion : 2.00.0003
CompanyName : Verticity Pakistan (Pvt) Ltd.
InternalName : IEUPDATE
OriginalFilename : IEUPDATE.EXE
ProductName : Internet Explorer Update
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 6:59:53 PM
Last modified : 7/1/2003 10:19:32 PM



TurboDownload Object recognized!
Type : File
Data : td.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\ckz3358c5bf\Files\
FileSize : 48 KB
FileVersion : 2.00
ProductVersion : 2.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : Internet Explorer
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 6:59:54 PM
Last modified : 9/18/2003 7:27:46 PM



Tracking Cookie Object recognized!
Type : File
Data : bill@doubleclick[1].txt
Object : C:\Documents and Settings\Bill\Local Settings\Temp\Cookies\

Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 6:59:54 PM
Last modified : 11/3/2003 2:52:36 PM



Virtumundo Object recognized!
Type : File
Data : cidrules.dll
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 108 KB
FileVersion : 0, 402, 23, 1953
ProductVersion : 1, 1, 0, 0
Copyright : Copyright
CompanyName : Virtumundo, Inc.
FileDescription : cidrules
InternalName : cidrules
OriginalFilename : cidrules.dll
ProductName : Virtumundo, Inc. cidrules
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 6:59:59 PM
Last modified : 6/16/2004 7:45:32 PM



IBIS Toolbar Object recognized!
Type : File
Data : iexploreskins.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 6 KB
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 7:00:01 PM
Last modified : 3/19/2004 8:21:54 AM



Virtumundo Object recognized!
Type : File
Data : inetadpt.dll
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 192 KB
FileVersion : 0, 403, 29, 1705
ProductVersion : 1, 1, 0, 0
Copyright : Copyright 2003
InternalName : inetadpt.dll
OriginalFilename : inetadpt.dll
ProductName : TargetSoft
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 7:00:01 PM
Last modified : 6/16/2004 7:45:34 PM



MemoryWatcher Object recognized!
Type : File
Data : memorywatcher_b.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 501 KB
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 7:00:02 PM
Last modified : 6/17/2004 9:53:22 PM



Virtumundo Object recognized!
Type : File
Data : wincore.dll
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 184 KB
FileVersion : 0, 403, 19, 1928
ProductVersion : 1, 1, 0, 0
Copyright : Copyright 2003
InternalName : wincore.dll
OriginalFilename : wincore.dll
ProductName : TargetSoft
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 7:00:03 PM
Last modified : 6/16/2004 7:45:32 PM



Virtumundo Object recognized!
Type : File
Data : winhost32.exe
Object : C:\Documents and Settings\Bill\Local Settings\Temp\
FileSize : 96 KB
FileVersion : 0, 310, 14, 1115
ProductVersion : 1, 0, 0, 0
OriginalFilename : winhost32.exe
ProductName : TargetSoft
Created on : 6/24/2004 12:59:02 PM
Last accessed : 6/27/2004 7:00:03 PM
Last modified : 6/16/2004 7:45:30 PM



Rads01.Quadrogram Object recognized!
Type : File
Data : wowex32[1].exe
Object : C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\6R8ZUDED\
FileSize : 448 KB
FileVersion : 1.00
ProductVersion : 1.00
InternalName : wowex32
OriginalFilename : wowex32.exe
ProductName : wowex32
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:00:49 PM
Last modified : 6/19/2004 2:00:04 AM



MemoryWatcher Object recognized!
Type : File
Data : memorywatcher_b[1].exe
Object : C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\GHCFKBSV\
FileSize : 501 KB
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:01:23 PM
Last modified : 6/17/2004 9:53:22 PM



Tracking Cookie Object recognized!
Type : File
Data : guest@advertising[1].txt
Object : C:\Documents and Settings\Guest\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:32 PM
Last modified : 9/2/2003 10:15:58 PM



Tracking Cookie Object recognized!
Type : File
Data : guest@bluestreak[2].txt
Object : C:\Documents and Settings\Guest\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:32 PM
Last modified : 1/3/2003 1:39:48 AM



Tracking Cookie Object recognized!
Type : File
Data : guest@doubleclick[1].txt
Object : C:\Documents and Settings\Guest\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:32 PM
Last modified : 9/2/2003 10:16:12 PM



Tracking Cookie Object recognized!
Type : File
Data : guest@excite[1].txt
Object : C:\Documents and Settings\Guest\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:32 PM
Last modified : 9/2/2003 10:17:48 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Guest\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:32 PM
Last modified : 9/2/2003 10:16:58 PM



Tracking Cookie Object recognized!
Type : File
Data : user@0[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:52 PM
Last modified : 6/19/2004 2:28:56 AM



Tracking Cookie Object recognized!
Type : File
Data : user@0[3].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:52 PM
Last modified : 6/23/2004 9:25:14 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:53 PM
Last modified : 6/23/2004 9:25:08 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:53 PM
Last modified : 6/23/2004 9:40:10 PM



Tracking Cookie Object recognized!
Type : File
Data : user@advertising[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:44:01 PM
Last accessed : 6/27/2004 6:44:01 PM
Last modified : 6/27/2004 6:44:01 PM



Tracking Cookie Object recognized!
Type : File
Data : user@atdmt[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:43:34 PM
Last modified : 6/23/2004 9:41:00 PM



Tracking Cookie Object recognized!
Type : File
Data : user@doubleclick[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:43:33 PM
Last modified : 6/23/2004 9:40:24 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:45:08 PM
Last accessed : 6/27/2004 6:45:20 PM
Last modified : 6/27/2004 6:45:20 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:47:05 PM
Last accessed : 6/27/2004 6:49:52 PM
Last modified : 6/27/2004 6:49:52 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:47:04 PM
Last modified : 6/24/2004 11:58:32 AM



Tracking Cookie Object recognized!
Type : File
Data : user@hitbox[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:45:07 PM
Last accessed : 6/27/2004 6:49:52 PM
Last modified : 6/27/2004 6:49:52 PM



Tracking Cookie Object recognized!
Type : File
Data : user@hitbox[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:45:07 PM
Last modified : 6/24/2004 11:58:32 AM



Tracking Cookie Object recognized!
Type : File
Data : user@internetfuel[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:53 PM
Last modified : 6/23/2004 9:28:20 PM



Tracking Cookie Object recognized!
Type : File
Data : user@mediaplex[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:53 PM
Last modified : 6/24/2004 11:43:46 AM



Tracking Cookie Object recognized!
Type : File
Data : user@questionmarket[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/21/2004 1:17:58 PM



Tracking Cookie Object recognized!
Type : File
Data : user@rub[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:40:51 PM
Last modified : 6/23/2004 9:11:58 PM



Tracking Cookie Object recognized!
Type : File
Data : user@rub[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:40:51 PM
Last accessed : 6/27/2004 6:40:51 PM
Last modified : 6/27/2004 6:40:51 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/27/2004 6:44:01 PM
Last accessed : 6/27/2004 6:44:01 PM
Last modified : 6/27/2004 6:44:01 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/23/2004 9:29:40 PM



Tracking Cookie Object recognized!
Type : File
Data : user@tmpad[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/21/2004 12:53:46 PM



Tracking Cookie Object recognized!
Type : File
Data : user@trafficmp[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/21/2004 12:53:46 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/23/2004 9:40:08 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\
FileSize : 1 KB
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:54 PM
Last modified : 6/23/2004 9:31:36 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:03:55 PM
Last modified : 6/23/2004 9:28:22 PM



Cydoor Object recognized!
Type : File
Data : cd_clint.dll
Object : C:\Documents and Settings\User\Local Settings\Temp\
FileSize : 151 KB
FileVersion : 3, 2, 1, 0
ProductVersion : 3, 2, 1, 0
Copyright : Copyright © Cydoor Technologies, Inc. 1999-2001
CompanyName : Cydoor Technologies, Inc.
FileDescription : Cydoor Technologies ad-system
InternalName : CD_Clint.dll
OriginalFilename : CD_Clint.dll
ProductName : Cydoor Technologies ad-system
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:04:11 PM
Last modified : 1/14/2002 5:57:00 PM



IBIS Toolbar Object recognized!
Type : File
Data : iexploreskins.exe
Object : C:\Documents and Settings\User\Local Settings\Temp\
FileSize : 6 KB
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 7:04:11 PM
Last modified : 3/19/2004 8:21:54 AM



PeopleOnPage Object recognized!
Type : File
Data : autoupdate.exe
Object : C:\Program Files\AutoUpdate\
FileSize : 220 KB
Created on : 6/24/2004 12:59:03 PM
Last accessed : 6/27/2004 6:38:20 PM
Last modified : 6/17/2004 9:55:34 PM



eUniverse Object recognized!
Type : File
Data : tipb.exe
Object : C:\Program Files\BikiniDesk\
FileSize : 32 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright © 2003
FileDescription : Setup
InternalName : Tipb
OriginalFilename : tipb.EXE
ProductName : Setup
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 7:06:24 PM
Last modified : 11/15/2003 11:07:40 AM



ClearSearch Object recognized!
Type : File
Data : loader.exe
Object : C:\Program Files\ClearSearch\
FileSize : 76 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 6:38:20 PM
Last modified : 8/20/2003 6:11:00 PM



PromulGate Object recognized!
Type : File
Data : dpi.exe
Object : C:\Program Files\Common Files\Dpi\
FileSize : 92 KB
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 6:38:20 PM
Last modified : 1/16/2004 7:01:26 PM



eUniverse Object recognized!
Type : File
Data : rvupdmgr.exe
Object : C:\Program Files\Common Files\updmgr\
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2003
FileDescription : kkv MFC Application
InternalName : kkv
OriginalFilename : kkv.EXE
ProductName : kkv Application
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 7:07:17 PM
Last modified : 8/23/2003 1:16:40 AM



eUniverse Object recognized!
Type : File
Data : simgr.exe
Object : C:\Program Files\Common Files\updmgr\
FileSize : 84 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright © 2003
FileDescription : sui MFC Application
InternalName : sui
OriginalFilename : sui.EXE
ProductName : sui Application
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 7:07:17 PM
Last modified : 11/6/2003 2:07:34 AM



eUniverse Object recognized!
Type : File
Data : updmgr.exe
Object : C:\Program Files\Common Files\updmgr\
FileSize : 60 KB
FileVersion : 1, 5, 1, 0
ProductVersion : 1, 5, 1, 0
FileDescription : Application
InternalName : updmgr
ProductName : Pnmgr Application
Created on : 6/24/2004 12:59:04 PM
Last accessed : 6/27/2004 6:38:20 PM
Last modified : 12/11/2003 1:05:22 AM



eUniverse Object recognized!
Type : File
Data : incfindbho.dll
Object : C:\Program Files\IncrediFind\BHO\
FileSize : 40 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : BHO Module
InternalName : BHO
OriginalFilename : BHO.DLL
ProductName : BHO Module
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 7:08:05 PM
Last modified : 10/16/2003 5:49:20 PM



eUniverse Object recognized!
Type : File
Data : incfindbho150.dll
Object : C:\Program Files\IncrediFind\BHO\
FileSize : 44 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : BHO Module
InternalName : BHO
OriginalFilename : BHO.DLL
ProductName : BHO Module
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 6:40:46 PM
Last modified : 12/23/2003 9:57:12 PM



eUniverse Object recognized!
Type : File
Data : tipb.exe
Object : C:\Program Files\PowerSearch\Toolbar\
FileSize : 32 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright © 2003
FileDescription : Setup
InternalName : Tipb
OriginalFilename : tipb.EXE
ProductName : Setup
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 7:09:47 PM
Last modified : 11/15/2003 11:07:40 AM



Ebates MoneyMaker Object recognized!
Type : File
Data : ebatesmoemoneymaker.exe
Object : C:\Program Files\Windows Media Player\
FileSize : 244 KB
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 7:10:11 PM
Last modified : 6/16/2004 7:42:34 PM



PromulGate Object recognized!
Type : File
Data : pcsvc.exe
Object : C:\WINDOWS\system32\pcs\
FileSize : 35 KB
FileVersion : 2.14.0000
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 6:38:20 PM
Last modified : 1/28/2004 1:42:24 PM



Virtumundo Object recognized!
Type : File
Data : cidrules.dll
Object : C:\WINDOWS\system32\
FileSize : 108 KB
FileVersion : 0, 402, 23, 1953
ProductVersion : 1, 1, 0, 0
Copyright : Copyright
CompanyName : Virtumundo, Inc.
FileDescription : cidrules
InternalName : cidrules
OriginalFilename : cidrules.dll
ProductName : Virtumundo, Inc. cidrules
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 6:40:49 PM
Last modified : 6/16/2004 7:45:32 PM



TurboDownload Object recognized!
Type : File
Data : dp-him.exe
Object : C:\WINDOWS\system32\
FileSize : 60 KB
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 7:17:04 PM
Last modified : 11/24/2003 5:48:40 AM



Virtumundo Object recognized!
Type : File
Data : inetadpt.dll
Object : C:\WINDOWS\system32\
FileSize : 192 KB
FileVersion : 0, 403, 29, 1705
ProductVersion : 1, 1, 0, 0
Copyright : Copyright 2003
InternalName : inetadpt.dll
OriginalFilename : inetadpt.dll
ProductName : TargetSoft
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 6:38:11 PM
Last modified : 6/16/2004 7:45:34 PM



TurboDownload Object recognized!
Type : File
Data : td.exe
Object : C:\WINDOWS\system32\
FileSize : 48 KB
FileVersion : 2.00
ProductVersion : 2.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : Internet Explorer
Created on : 6/24/2004 12:59:05 PM
Last accessed : 6/27/2004 7:18:45 PM
Last modified : 9/18/2003 7:27:46 PM



Virtumundo Object recognized!
Type : File
Data : wincore.dll
Object : C:\WINDOWS\system32\
FileSize : 184 KB
FileVersion : 0, 403, 19, 1928
ProductVersion : 1, 1, 0, 0
Copyright : Copyright 2003
InternalName : wincore.dll
OriginalFilename : wincore.dll
ProductName : TargetSoft
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 6:40:55 PM
Last modified : 6/16/2004 7:45:32 PM



Virtumundo Object recognized!
Type : File
Data : winhost32.exe
Object : C:\WINDOWS\system32\
FileSize : 96 KB
FileVersion : 0, 310, 14, 1115
ProductVersion : 1, 0, 0, 0
OriginalFilename : winhost32.exe
ProductName : TargetSoft
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 6:42:51 PM
Last modified : 6/16/2004 7:45:30 PM



Virtumundo Object recognized!
Type : File
Data : winupd.dll
Object : C:\WINDOWS\system32\
FileSize : 152 KB
FileVersion : 0, 403, 29, 1730
ProductVersion : 1, 1, 0, 0
Copyright : Copyright 2003
InternalName : winupd.dll
ProductName : TargetSoft
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 6:42:48 PM
Last modified : 6/16/2004 7:44:30 PM



WildTangent Object recognized!
Type : File
Data : wtcpl.cpl
Object : C:\WINDOWS\system32\
FileSize : 44 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wtcpl
InternalName : wtcpl
OriginalFilename : wtcpl.cpl
ProductName : Wild Tangent wtcpl
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 6:53:06 PM
Last modified : 9/27/2002 7:47:26 PM



BrilliantDigital Object recognized!
Type : File
Data : bdedownloader.dll
Object : C:\WINDOWS\Temp\Altnet\
FileSize : 93 KB
FileVersion : 3, 0, 39, 0
ProductVersion : 3, 0, 39, 0
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
OriginalFilename : BDEDownloader.dll
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 7:19:03 PM
Last modified : 7/21/2003 6:39:40 PM



BrilliantDigital Object recognized!
Type : File
Data : bdefdi.dll
Object : C:\WINDOWS\Temp\Altnet\
FileSize : 49 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
OriginalFilename : BDEFdiTest.exe
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 7:19:04 PM
Last modified : 7/21/2003 6:39:40 PM



WildTangent Object recognized!
Type : File
Data : wcmdmgr.exe
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 140 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgr
InternalName : WildTangent Updater Service
OriginalFilename : wcmdmgr.exe
ProductName : WildTangent Updater Service
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 7:19:06 PM
Last modified : 9/27/2002 7:47:32 PM



WildTangent Object recognized!
Type : File
Data : wcmdmgrl.exe
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 20 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wcmdmgrl
InternalName : wcmdmgrl
OriginalFilename : wcmdmgrl.exe
ProductName : Wild Tangent wcmdmgrl
Created on : 6/24/2004 12:59:06 PM
Last accessed : 6/27/2004 7:19:07 PM
Last modified : 9/27/2002 7:47:34 PM



WildTangent Object recognized!
Type : File
Data : wtcpl.cpl
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 44 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wtcpl
InternalName : wtcpl
OriginalFilename : wtcpl.cpl
ProductName : Wild Tangent wtcpl
Created on : 6/24/2004 12:59:07 PM
Last accessed : 6/27/2004 7:19:07 PM
Last modified : 9/27/2002 7:47:26 PM



WildTangent Object recognized!
Type : File
Data : wtisa.dll
Object : C:\WINDOWS\wt\backup\1.6.0.037\
FileSize : 32 KB
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
Copyright : Copyright 2002
CompanyName : WildTangent, Inc.
FileDescription : Information Services Client
InternalName : ISA
OriginalFilename : wtisa.dll
ProductName : Information Services Application
Created on : 6/24/2004 12:59:07 PM
Last accessed : 6/27/2004 7:19:07 PM
Last modified : 9/27/2002 7:47:40 PM



WildTangent Object recognized!
Type : File
Data : wdinuseplugin.dll
Object : C:\WINDOWS\wt\
FileSize : 40 KB
FileVersion : 1, 5, 4, 003
ProductVersion : 1, 5, 4, 003
Copyright : Copyright
CompanyName : WildTangent, Inc
FileDescription : Web Driver in-use check plugin
InternalName : Web Driver in-use check plugin
OriginalFilename : WDInUsePlugin.dll
ProductName : Web Driver in-use check plugin
Created on : 6/24/2004 12:59:07 PM
Last accessed : 6/27/2004 7:19:08 PM
Last modified : 4/10/2002 9:08:48 PM



WildTangent Object recognized!
Type : File
Data : wtvh.dll
Object : C:\WINDOWS\wt\
FileSize : 52 KB
Created on : 6/24/2004 12:59:07 PM
Last accessed : 6/27/2004 7:19:08 PM
Last modified : 1/15/2003 9:26:12 PM



Disk scan result for C:\
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 84

3:19:12 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:19:46:245
Objects scanned :127302
Objects identified :84
Objects ignored :0
New objects :84
  • 0

Advertisements

#2
ditto
Posted 27 June 2004 - 09:17 PM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Hello murphy_karena and welcome to the site!

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of [inetadpt.dll]. Reboot.


Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearc.../searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe

If you dont use msn messenger fix this too:
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<

ditto
  • 0

#3
Smokey
Posted 27 June 2004 - 10:07 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Add these to that list as well:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

The following are optional and not required (fix the ones you don't need, they're taking up your RAM):
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Quicktime Tray Icon)
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (Yahoo Messenger)
  • 0

#4
murphy_karena
Posted 28 June 2004 - 06:23 AM

murphy_karena

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you so much nathanhuth and ditto!

I did what you said and rebooted. On reboot I got a message that said c:\windows\bxx55.dll the specified module could not be found. I clicked OK and things seem to be running correctly but I don't know if this is something I need.

When I ran hijack this again it was a little different and some of the things you asked me to remove were already gone. I removed the rest of them and here is my new log is posted below. My homepage does not seem to be hijacked anymore but on start-up some search bar tried to load and I couldn't get rid of it. I am also still getting a fair amount of pop-ups. Anyway, here is my log:

Logfile of HijackThis v1.97.7
Scan saved at 8:15:13 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\documents and settings\bill\local settings\temp\SQ5AW.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\HpilNv.exe
C:\WINDOWS\System32\FmlxfJ7.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [0stW3EV] occpbrd.exe
O4 - HKLM\..\Run: [53YDYWJ374KTD9] C:\WINDOWS\System32\TcvE0HeT.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [SQ5AW] C:\documents and settings\bill\local settings\temp\SQ5AW.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\User\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Thanks again for all of your help. It's definiately getting better!

Karen
  • 0

#5
ditto
Posted 28 June 2004 - 11:26 AM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Fix these entries:

O4 - HKLM\..\Run: [0stW3EV] occpbrd.exe
O4 - HKLM\..\Run: [53YDYWJ374KTD9] C:\WINDOWS\System32\TcvE0HeT.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

reboot and run a virus scan found here

http://housecall.antivirus.com/

restart after the scan and post a new log

ditto
  • 0

#6
murphy_karena
Posted 29 June 2004 - 08:34 AM

murphy_karena

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks again ditto!

I fixed those entries and ran the housecall virus scan. It found 8 infected files and I deleted them.

Here is my latest Hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 10:30:55 AM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\documents and settings\bill\local settings\temp\SQ5AW.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [SQ5AW] C:\documents and settings\bill\local settings\temp\SQ5AW.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#7
Kat
Posted 03 September 2005 - 01:13 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP