Hello,
I got Agent Ransack to work (I did not have search subfolders clicked first time!)
Here is the log from the scan I ran:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini (4 KB, 5/4/2005 6:09:24 AM)
163 [Iwantsearch]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050327-1216.log (2 KB, 3/27/2005 1:20:38 PM)
7 27.03.2005 12:18:22 - found: Iwantsearch Settings
8 27.03.2005 12:18:22 - found: Iwantsearch Uninstall settings
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050327-1220.txt (3 KB, 3/27/2005 1:20:38 PM)
31 Iwantsearch: Uninstall settings (Registry key, nothing done)
34 Iwantsearch: Settings (Registry key, nothing done)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.050327-1907.txt (3 KB, 3/27/2005 8:07:15 PM)
31 Iwantsearch: Uninstall settings (Registry key, fixed)
34 Iwantsearch: Settings (Registry key, fixed)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch.zip (1 KB, 3/27/2005 8:05:47 PM)
1 PK ¸˜{2“¸ §̃sbRecovery.reg;Ó` i² ˜° Gù d̀læ%Ú-UÜ"Ơê@©9rWPü–ÿ—â@’_›¹y]ns £aỈÜ Ô|Ơm<¦.¡= £=XÙ́bª‚[«Iƒ ÜR(ƯÓ¾] Ư·™¡L>z0_̉ă)ZP¾ËÎ ••@xß+ڨŨ<ëø =AÈ©p%z ½ÆÑô@́\ ÙÍ o¼+´ƠJ¿ø¡, ÚF™dAMÎEÛ îTÏ„íæo ;D´MW Lˆ j› ! Ä–:EGƠ[ œÛÓ˜ PK “¸ §̃PK ¸˜{2Zhèƒÿ0 sbRecovery.iniEÖßÏêø ø( á®dA– X x 2 €ˆx qƒZ¢b¥ [6à0Ư/”?ˆ ̉ ¡hßÚj{ 7 ÁÆ ö›ađ¦̉ A¢ó1o x²lw²R̉& ‹ô 8O à £ ¦ LCú *@ è̀w§J FÇO‡ }¼‡‚+³V E ̉”Ø $5¡̃²¹₫¡3û²–!× ´½vƠN jÏ->} ’Ÿü;ip Ăç‚°‰wµS»NX] — 4ª e£ Å¢Ç* ›ÜĂ—, Éå k”êTt‡¤ÏĂ >Ô–IĂéµ÷̣K¹µÔ~ ƒƯ:Ưo°ˆQ” ¢`‹¹́bh ÄPK Zhèƒÿ0 PK ¸˜{2“¸ §̃ €sbRecovery.regPK ¸˜{2Zhèƒÿ0 € sbRecovery.iniPK xA Grecovery information for Iwantsearch for use with Spybot-Search&Destroy
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Iwantsearch1.zip (1 KB, 3/27/2005 8:05:47 PM)
1 PK ¸˜{2 ß‚kèÀ sbRecovery.reg;Ó` i² ˜° GqR¤9̃~́™cÆ|ª²̣z™u ƒ8t{¿©«ă(× i K#Ä ‡: ç9|#ưĐ;µL¿ˆĐ$ sÙ¦æĐ P"@¿ 7 §Îûuïà1¢Æ÷T̉ U¨ûÛL >! q6f™X̣¢&˜c çA<·M}Ë!«É̉UÚG ¥º¤í¼ØÜÆÿRsNªè’ £¨áĂịär>³E₫áÆVOó1s] Ø${$ Z¿ °KÚ:œ<¸ƒîùoÉz × Dsqîrdç ú ±¶¤øY áƯ‘Ô(J¯×ïb/è˜ vPK ß‚kèÀ PK ¸˜{2Ÿv’±ú( sbRecovery.iniEÖßÏêø ø( á®lÔỮ\̉ä ŸÚZ*€,ư 2₫| S¢QVa+µÇç¦ÓÄ ´öæ v< „§(ͺ̀ Dè Åê€!ú OØbe*1ê×ă^^̀–øB8,ØP—ÑŒƯ ¤Ip” Ï'ĐÇi“ mäÉ gÜÑ pÄ3ư4‹)»¬¢ă¾"Ùí§¼|¯AzpÔ|áÖ{ä! X‡‚@‰L«ÉÆ)Éă¥?¯Æ<<:“æ60Ô ÃU 1~¢dNO]vaFIh¾ƒ' ¡à§$xÜ](SÔ¨ C¡½M7 «P/_ n -Cë§aÜÁ$° ̉?ö [PK Ÿv’±ú( PK ¸˜{2 ß‚kèÀ €sbRecovery.regPK ¸˜{2Ÿv’±ú( €$ sbRecovery.iniPK xZ Grecovery information for Iwantsearch for use with Spybot-Search&Destroy
C:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-24 02-35-51.txt (122 KB, 9/24/2004 2:35:51 AM)
2362 Data : IWantSearch.url
2364 Comment : Problematic URL discovered:
http://www.iwantsearch.comC:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-26 09-13-13.txt (110 KB, 9/26/2004 9:13:13 AM)
896 Possible Browser Hijack attempt : S-1-5-21-1177238915-602162358-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pageiwantsearch.com
900 Data : "
http://www.iwantsearch.com"906 Data : "
http://www.iwantsearch.com"2287 Data : IWantSearch.url
2289 Comment : Problematic URL discovered:
http://www.iwantsearch.comC:\Documents and Settings\The Moe Family\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2004-09-27 18-01-42.txt (62 KB, 9/27/2004 6:01:42 PM)
1048 Possible Browser Hijack attempt : S-1-5-21-1177238915-602162358-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pageiwantsearch.com
1052 Data : "
http://www.iwantsearch.com"1058 Data : "
http://www.iwantsearch.com"C:\Documents and Settings\The Moe Family\Local Settings\History\History.IE5\index.dat (192 KB, 5/28/2005 11:17:27 AM)
0 arch.ebay.com/dodger-mat_W0QQsojsZ1QQfromZR40'đ đ đ đ đ URL Ü{!mbÅ Ü{!mbÅ Â2‹ `h₫ ´»2p đ Visited: The Moe Family@http://t.trafficmp.com/b.t/emB4/1990449571555701320đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL ?JqbÅ ?JqbÅ Â2D `h₫ ¼»2© đ Visited: The Moe Family@http://contact.ebay.com/ws/eBayISAPI.dll?AskSellerQuestionđ đ đ đ đ đ đ đ đ đ đ đ URL @É¡sÁbÅ @É¡sÁbÅ Â2ưk`h₫ Œ»2ăl đ Visited: The Moe Family@about:blankđ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL €;"́»bÅ €;"́»bÅ Â2‹f`h₫ ¬D»2pg đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.phpđ 0Please stand by...đ đ đ đ URL àà":²cÅ àà":²cÅ Ă2ï‘`h₫ œ¨¼2Ô’ đ Visited: The Moe Family@http://cbs.sportsline.com ”NFL, MLB, NBA, NHL, NCAA, Fantasy Sports and more: CBS SportsLine.comđ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL '£»bÅ '£»bÅ Â2Jf`h₫ Øt»2/g đ Visited: The Moe Family@http://www.getfound.com/bin/gethtmlcustom.asp?affid=782&popid=50078&mt=microsoft+office`Shopping for microsoft office - Click Now!đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL €ñ“â»bÅ €ñ“â»bÅ Â2ƒf`h₫ ́»2hg đ Visited: The Moe Family@http://ads.cc214142.com/hserver/site=AIUSA.DGSW/area=DGSW.MONSTERRETNEW.600X400.956/uid=3480228827084215722URL @ #¼bÅ @ #¼bÅ Â2»f`h₫ Đ`»2"h đ Visited: The Moe Family@http://www.getfound.com/bin/gethtmlcustom.asp?affid=782&popid=50104&mt=donate LShopping for donate - Click Now!đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL ÇƯ-¼bÅ ÇƯ-¼bÅ Â2Æf`h₫ Đœ»2+h đ Visited: The Moe Family@http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.htmlˆGeeks To Go Forums -> Malware Removal - HiJackThis Logs Go Heređ đ đ đ đ URL P²!2¼bÅ P²!2¼bÅ Â2f`h₫ ´<»2/h đ Visited: The Moe Family@http://www.geekstogo.com/forum/Metallica-m7027.html(Viewing Profileđ đ đ đ URL `× O¼bÅ `× O¼bÅ Â2äf`h₫ À»2Ih đ Visited: The Moe Family@http://z1.adserver.com/w/cp.x;rid=1;tid=2;ev=1;dt=3;ac=14;c=98;đ đ đ đ đ đ đ đ đ đ đ URL đ1 é±cÅ đ1 é±cÅ Ă2§‘`h₫ È„¼2Œ’ đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.php?act=Post&CODE=02&f=37&t=28994pGeeks To Go Forums -> Replying in Non-stop pop-upsđ đ đ đ đ đ đ đ đ đ đ đ đ URL „‘»bÅ „‘»bÅ Â2ff`h₫ œx»2Kg đ Visited: The Moe Family@http://www.iwantsearch.comdIwantSearch.com - best search for your needs!đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL Wî ¼bÅ Wî ¼bÅ Â2·f`h₫ Èl»2 h đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.php?showtopic=28994&st=0&p=144251&XGeeks To Go Forums -> Non-stop pop-upsđ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL °> ¤±cÅ °> ¤±cÅ Ă2i‘`h₫ ¼¼2N’ đ Visited: The Moe Family@java script:redirect_to('&act=Search&CODE=getreplied', 0)đ đ đ đ đ đ đ đ đ đ đ đ đ URL B<O¼bÅ B<O¼bÅ Â2äf`h₫ Ø»2Ih đ Visited: The Moe Family@http://media.fastclick.net/w/pop.cgi?sid=20722&m=2&CK=N&JS=N&c=3601018623372969769&SZ=1đ đ đ đ đ URL ßEO¼bÅ ßEO¼bÅ Â2äf`h₫ È»2Ih đ Visited: The Moe Family@http://z1.adserver.com/w/cp.x;rid=1;tid=2;ev=1;dt=3;ac=14;c=98;;nc=1đ đ đ đ đ đ đ đ đ đ URL P¾Œ¦±cÅ P¾Œ¦±cÅ Ă2k‘`h₫ <¼2P’ đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.php?act=Search&nav=gr&CODE=show&searchid=2df6b525039d31324e42b07f0642e185&search_in=posts&result_type=topics (Search Resultsđ đ đ đ đ đ đ đ đ đ đ đ URL ° d ²cÅ ° d ²cÅ Ă2¢’`h₫ ¬D¼2¢’ đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.php? 0Please stand by...đ đ đ đ URL đƯsÎÀbÅ đƯsÎÀbÅ Â2jk`h₫ ”,»2Ol đ Visited: The Moe Family@http://www.cnn.comCNN.comđ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL `s´«ÀbÅ `s´«ÀbÅ Â2Kk`h₫ <»20l đ Visited: The Moe Family@http://www.geekstogo.com/forum/index.php?act=Search&nav=gr&CODE=show&searchid=0f14431b1a99d1529918ec2f9cfb8eb1&search_in=posts&result_type=topics (Search Resultsđ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ đ URL ƠÎÀbÅ ƠÎÀbÅ Â2jk`h₫ ´8»2Ol đ Visited: The Moe Family@http://www.cnn.com/cnn_adspaces/adsPopup2.html?0đ $Advertisementđ đ đ đ đ URL ̀ÎÀbÅ ̀ÎÀbÅ Â2jk`h₫ è(»2Ol đ Visited: The Moe
C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\index[3].htm (83 KB, 5/28/2005 11:20:19 AM)
32 ='middle' alt='' /> <input type="radio" class="radiobutton" name="iconid" value="10" /> <img src="style_images/1/folder_post_icons/icon10.gif" align='middle' alt='' /> <input type="radio" class="radiobutton" name="iconid" value="11" /> <img src="style_images/1/folder_post_icons/icon11.gif" align='middle' alt='' /> <input type="radio" class="radiobutton" name="iconid" value="12" /> <img src="style_images/1/folder_post_icons/icon12.gif" align='middle' alt='' /> <input type="radio" class="radiobutton" name="iconid" value="13" /> <img src="style_images/1/folder_post_icons/icon13.gif" align='middle' alt='' /> <input type="radio" class="radiobutton" name="iconid" value="14" /> <img src="style_images/1/folder_post_icons/icon14.gif" align='middle' alt='' /><br /> <input type="radio" class="radiobutton" name="iconid" value="0" checked="checked" /> [ Use None ] </td> </tr> <tr> <td colspan="2" class="formsubtitle">File Attachments</td> </tr> <tr> <td class="pformleft" valign="top"><b>Attachments</b><br />Global Space Left: 2mb</td> <td class="pformright"><input class="forminput" type="file" size="30" name="FILE_UPLOAD" /> <input type="submit" onclick="Override=1;" name="attachgo" value="Add This Attachment" class="button" /><!--IBF.UPLOADED_ITEMS--></td> </tr> <tr> <td class="formbuttonrow" colspan="2"> <input type="submit" name="submit" value="Add Reply" tabindex="7" class="button" accesskey="s" /> <input type="submit" name="preview" value="Preview Post" tabindex="8" class="button" /> </td> </tr> </table> </div> </form> <br style="clear: all;" /><br /> <div class="borderwrap"> <div class="maintitle">Last 10 Posts [ In reverse order ]</div> <table cellspacing="1"><tr> <td class="row2" valign="top" width="20%"><b>Metallica</b></td> <td class="row2" valign="top" width="80%">Posted Yesterday, 06:35 AM</td> </tr> <tr> <td class="row1" valign="top" width="20%"> </td> <td class="row1" valign="top" width="80%"><span class="postcolor">Please download Agent Ransack from: <br /><a href='http://www.mythicsoft.com/agentransack/' target='_blank'>
http://www.mythicsof...entransack/</a> <br /><br />Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab. <br /><br />In the bottom bar type or paste <b>iwantsearch</b><br /><br />Then click Start Search. <br /><br />It will take quite a while before it's done. <br /><br />When it is click "Save results" (icon #4 from the left) <br />Choose save to clipboard and paste them into your next post. <br /><br />Regards,</span></td> </tr><tr> <td class="row2" valign="top" width="20%"><b>Herb119</b></td> <td class="row2" valign="top" width="80%">Posted Yesterday, 06:00 AM</td> </tr> <tr> <td class="row1" valign="top" width="20%"> </td> <td class="row1" valign="top" width="80%"><span class="postcolor">Yes, I have had this start page problem for quite some time. Regardless of what I change the start page to, it always goes back to <a href='http://www.iwantsearch.com/' target='_blank'>
http://www.iwantsear.../a></span></td> </tr><tr> <td class="row2" valign="top" width="20%"><b>Metallica</b></td> <td class="row2" valign="top" width="80%">Posted May 26 2005, 11:40 PM</td> </tr> <tr> <td class="row1" valign="top" width="20%"> </td> <td class="row1" valign="top" width="80%"><span class="postcolor">Can you change your startpage and see if it stays the way you set it.<br /><br />I wouldn't be surprised if the popups originated there.<br /><br />Regards,</span></td> </tr><tr> <td class="row2" valign="top" width="20%"><b>Herb119</b></td> <td class="row2" valign="top" width="80%">Posted May 26 2005, 08:35 PM</td> </tr> <tr> <td class="row1" valign="top" width="20%"> </td> <td class="row1" valign="top" width="80%"><span class="postcolor">I just booted up my computer and got on to the Web, and sure enough, three pop-ups hit me within the first minute!<br /><br />Thank for all of the help you are giving me!</span></td> </tr><tr> <td class="row2" valign="top" width="20%"><b>Herb119</b></td> <td class="row2" valign="top" width="80%">Posted May 26 2005, 05:51 PM</td> </tr> <tr> <td class="row1" valign="top" width="20%"> </td> <td class="row1" valign="top" width="80%"><span class="postcolor">Thank you so much for the guidance! I did as you instructed, and here is my new HijackThis log:<br /><br />Logfile of HijackThis v1.99.1<br />Scan saved at 5:50:25 PM, on 5/26/2005<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br /><br />Running processes:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\csrss.exe<br />C:\WINDOWS\system32\winl
33 exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\STOPzilla!\szntsvc.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />C:\Program Files\STOPzilla!\Stopzilla.exe<br />C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />c:\progra~1\mcafee.com\vso\mcvsescn.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />C:\WINDOWS\system32\RUNDLL32.EXE<br />C:\Program Files\Spyware Doctor\swdoctor.exe<br />C:\Program Files\Internet Explorer\iexplore.exe<br />c:\progra~1\intern~1\iexplore.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe<br />C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<br />C:\WINDOWS\System32\CTsvcCDA.exe<br />C:\WINDOWS\system32\drivers\dcfssvc.exe<br />C:\PROGRA~1\Iomega\System32\AppServices.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe<br />C:\WINDOWS\System32\nvsvc32.exe<br />C:\WINDOWS\system32\wdfmgr.exe<br />C:\WINDOWS\System32\MsPMSPSv.exe<br />c:\progra~1\mcafee.com\vso\mcvsftsn.exe<br />C:\Program Files\Messenger\msmsgs.exe<br />C:\Program Files\MSN Messenger\msnmsgr.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />C:\WINDOWS\explorer.exe<br />C:\Program Files\MSN\MSNCoreFiles\msn.exe<br />C:\Program Files\HijackThis\HijackThis.exe<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = <a href='http://searchmiracle.com/sp.php' target='_blank'>
http://searchmiracle...m/sp.php</a><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm<br />R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online<br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1<br />O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll<br />O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe<br />O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll<br />O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll<br />O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup<br />O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<br />O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask<br />O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"<br />O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe<br />O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun<br />O4 - HKLM\..\Run: [abu] abu.exe<br />O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files&
C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\index[4].htm (102 KB, 5/28/2005 11:21:04 AM)
17 exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\STOPzilla!\szntsvc.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />C:\Program Files\STOPzilla!\Stopzilla.exe<br />C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />c:\progra~1\mcafee.com\vso\mcvsescn.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />C:\WINDOWS\system32\RUNDLL32.EXE<br />C:\Program Files\Spyware Doctor\swdoctor.exe<br />C:\Program Files\Internet Explorer\iexplore.exe<br />c:\progra~1\intern~1\iexplore.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe<br />C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<br />C:\WINDOWS\System32\CTsvcCDA.exe<br />C:\WINDOWS\system32\drivers\dcfssvc.exe<br />C:\PROGRA~1\Iomega\System32\AppServices.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe<br />C:\WINDOWS\System32\nvsvc32.exe<br />C:\WINDOWS\system32\wdfmgr.exe<br />C:\WINDOWS\System32\MsPMSPSv.exe<br />c:\progra~1\mcafee.com\vso\mcvsftsn.exe<br />C:\Program Files\Messenger\msmsgs.exe<br />C:\Program Files\MSN Messenger\msnmsgr.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />C:\WINDOWS\explorer.exe<br />C:\Program Files\MSN\MSNCoreFiles\msn.exe<br />C:\Program Files\HijackThis\HijackThis.exe<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = <a href='http://searchmiracle.com/sp.php' target='_blank'>
http://searchmiracle...m/sp.php</a><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm<br />R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online<br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1<br />O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll<br />O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe<br />O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll<br />O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll<br />O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup<br />O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<br />O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask<br />O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"<br />O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe<br />O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun<br />O4 - HKLM\..\Run: [abu] abu.exe<br />O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files&
17 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post1"> <!-- THE POST 142287 --> <div class="postcolor">Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = <a href='http://searchmiracle.com/sp.php' target='_blank'>
http://searchmiracle...m/sp.php</a><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank<br /><br />O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe<br /><br />O4 - HKLM\..\Run: [abu] abu.exe<br /><br />O4 - HKLM\..\Run: [SetupSixthAimRoad] C:\Documents and Settings\All Users\Application Data\scr bash setup sixth\First Window.exe<br /><br />O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe<br /><br />O4 - HKLM\..\Run: [REEGRUN] C:\index.exe<br /><br />O4 - HKLM\..\RunServices: [Windows Compliant] exvwwp.exe<br />O4 - HKLM\..\RunServices: [MSNMSGR5] MSNMSGR5.exe<br />O4 - HKCU\..\Run: [Gbzth] C:\WINDOWS\System32\d?dplay.exe<br /><br />O4 - HKCU\..\Run: [CornBags] C:\DOCUME~1\LOCALS~1\APPLIC~1\GRIMDO~1\WEBADMINCITY.exe<br /><br />O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe<br /><br />O16 - DPF: {03EE37F2-24A6-2160-1236-1054485169B8} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0422EFAF-329B-1795-0B3C-0D8B2934D274} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {05669230-6FD3-0DDC-7AA1-55407243F25F} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br /><br />O16 - DPF: {0676AEFF-A62D-1FCC-E82F-1C93254F4816} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0776B53B-C3F1-6857-4520-09AF0EEFE301} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {082C671D-F4F9-06FC-F166-5D09798304F7} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0872BBDF-14C7-3774-0998-07285BB35361} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {08C727A5-FEE4-0032-D1A4-7B255E7133F2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0A637158-84DF-0420-624A-19883CE5C7BE} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0A86BB98-9511-386F-7FFE-004A42E8EAA2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0D83B617-CDF8-4DF1-F38F-34971E114000} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0F35295A-80B5-59DE-54CC-7F8419FB36D7} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {1221690F-F801-46BC-C5A4-7F2B5D89436A} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {133F0599-EDCA-0E96-C383-02633494CDFE} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {14F40B04-7241-28D7-C0C6-236E1633B291} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {15E449F2-291F-04B9-8187-622B4EE1645D} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {16752296-4578-13E4-9695-7B1644CE0785} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {17381D1E-BFE7-2809-15E1-22FD3FC917A6} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {19E4B143-49E9-4F74-3338-4AA40075C353} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {1BB8D993-DC3A-45E2-A61C-065576196DC2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/1/gdnUS20819 esses:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\csrss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\STOPzilla!\szntsvc.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br />C:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />C:\Program Files\STOPzilla!\Stopzilla.exe<br />C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />c:\progra~1\mcafee.com\vso\mcvsescn.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />C:\WINDOWS\system32\RUNDLL32.EXE<br />C:\PROGRA~1\SPYWAR~1\swdoctor.exe<br />C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe<br />C:\WINDOWS\System32\CTsvcCDA.exe<br />C:\WINDOWS\system32\drivers\dcfssvc.exe<br />C:\PROGRA~1\Iomega\System32\AppServices.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe<br />C:\WINDOWS\System32\nvsvc32.exe<br />C:\WINDOWS\system32\wdfmgr.exe<br />C:\WINDOWS\System32\MsPMSPSv.exe<br />c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />C:\WINDOWS\System32\alg.exe<br />C:\Program Files\MSN\MSNCoreFiles\msn.exe<br />C:\Program Files\MSN Messenger\msnmsgr.exe<br />c:\progra~1\mcafee.com\vso\mcvsftsn.exe<br />C:\Program Files\Messenger\msmsgs.exe<br />C:\Program Files\HijackThis\HijackThis.exe<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm<br />R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online<br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1<br />O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll<br />O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll<br />O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll<br />O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup<br />O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<br />O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask<br />O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"<br />O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe<br />O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun<br />O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iba
22 Windows XP<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post1"> <!-- THE POST 144251 --> <div class="postcolor">Yes, I have had this start page problem for quite some time. Regardless of what I change the start page to, it always goes back to <a href='http://www.iwantsearch.com/' target='_blank'>
http://www.iwantsearch.com/</a> <!--IBF.ATTACHMENT_144251--></div> <!-- THE POST --> </td> </tr> <tr> <td class="formbuttonrow" nowrap="nowrap"> <div style='text-align:left'><img src='style_images/1/p_online.gif' border='0' alt='User is online!' /><a href="java script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=57168','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...MID=57168"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!--<a href="
http://www.geekstogo...7168.html"><img src='style_images/1/p_email.gif' border='0' alt='Email Poster' /></a>--></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="
http://www.geekstogo...&st=0"><img src='style_images/1/p_edit.gif' border='0' alt='Edit Post' /></a><a href="#" onclick="multiquote_add(144251); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_144251" alt="+" /></a><a href="
http://www.geekstogo...38;qpid=144251" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 144299--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry144299"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Metallica-m7027.html'>Metallica</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Yesterday, 06:35 AM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(144299); return false;">#7</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post2"> <span class="postdetails"> <img src='http://www.geekstogo.com/forum/uploads/av-7027.gif' border='0' width='60' height='23' alt='' /><br /><br /> Malware Expert<br /> <img src="staff.gif" alt="Group Icon" /><br /><br /> Group: Global Moderator<br /> Posts: 3,447<br /> Joined: 23-November 04<br /> Member No.: 7,027<br /> Operating System:<br />
23 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 144299 --> <div class="postcolor">Please download Agent Ransack from: <br /><a href='http://www.mythicsoft.com/agentransack/' target='_blank'>
http://www.mythicsof...entransack/</a> <br /><br />Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab. <br /><br />In the bottom bar type or paste <b>iwantsearch</b><br /><br />Then click Start Search. <br /><br />It will take quite a while before it's done. <br /><br />When it is click "Save results" (icon #4 from the left) <br />Choose save to clipboard and paste them into your next post. <br /><br />Regards, <!--IBF.ATTACHMENT_144299--></div> <br /><br />--------------------<br /> <div class="signature"><span style='color:brown'><b>Pieter</b></span><br /><br /><a href='http://metallica.geekstogo.com/' target='_blank'><span style='color:red'><b>Remove & prevent spyware</b></span></a></div> <!-- THE POST --> </td> </tr> <tr> <td class="formbuttonrow" nowrap="nowrap"> <div style='text-align:left'><img src='style_images/1/p_offline.gif' border='0' alt='User is offline' /><a href="java script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(144299); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_144299" alt="+" /></a><a href="
http://www.geekstogo...38;qpid=144299" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 146172--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry146172"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Herb119-m57168.html'>Herb119</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Today, 11:20 AM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(146172); return false;">#8</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post1"> <span class="postdetails"> <br /><br /> Member<br /> <img src='style_images/1/pip.gif' border='0' alt='*' /><img src='style_images/1/pip.gif' border='0' alt='*' /><br /><br /> Group: Member<br /> Posts: 6<br /> Joined: 25-May 05<br /> Member No.: 57,168<br /> Operating System:<br />
C:\Documents and Settings\The Moe Family\Local Settings\Temporary Internet Files\Content.IE5\GDIJKHIN\Non_stop_pop_ups-t28994[1].htm (99 KB, 5/28/2005 11:18:33 AM)
17 exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\STOPzilla!\szntsvc.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />C:\Program Files\STOPzilla!\Stopzilla.exe<br />C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />c:\progra~1\mcafee.com\vso\mcvsescn.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />C:\WINDOWS\system32\RUNDLL32.EXE<br />C:\Program Files\Spyware Doctor\swdoctor.exe<br />C:\Program Files\Internet Explorer\iexplore.exe<br />c:\progra~1\intern~1\iexplore.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe<br />C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<br />C:\WINDOWS\System32\CTsvcCDA.exe<br />C:\WINDOWS\system32\drivers\dcfssvc.exe<br />C:\PROGRA~1\Iomega\System32\AppServices.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe<br />C:\WINDOWS\System32\nvsvc32.exe<br />C:\WINDOWS\system32\wdfmgr.exe<br />C:\WINDOWS\System32\MsPMSPSv.exe<br />c:\progra~1\mcafee.com\vso\mcvsftsn.exe<br />C:\Program Files\Messenger\msmsgs.exe<br />C:\Program Files\MSN Messenger\msnmsgr.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />C:\WINDOWS\explorer.exe<br />C:\Program Files\MSN\MSNCoreFiles\msn.exe<br />C:\Program Files\HijackThis\HijackThis.exe<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = <a href='http://searchmiracle.com/sp.php' target='_blank'>
http://searchmiracle...m/sp.php</a><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm<br />R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online<br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1<br />O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll<br />O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe<br />O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll<br />O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll<br />O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup<br />O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<br />O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask<br />O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"<br />O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe<br />O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun<br />O4 - HKLM\..\Run: [abu] abu.exe<br />O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files&
17 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post1"> <!-- THE POST 142287 --> <div class="postcolor">Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = <a href='http://searchmiracle.com/sp.php' target='_blank'>
http://searchmiracle...m/sp.php</a><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target='_blank'>
http://www.iwantsear...arch.com</a><br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank<br /><br />O2 - BHO: (no name) - {7B996AF3-32E1-89E6-A9CB-F9C9C1758652} - C:\DOCUME~1\THEMOE~1\APPLIC~1\SEEKFU~1\twospam.exe<br /><br />O4 - HKLM\..\Run: [abu] abu.exe<br /><br />O4 - HKLM\..\Run: [SetupSixthAimRoad] C:\Documents and Settings\All Users\Application Data\scr bash setup sixth\First Window.exe<br /><br />O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe<br /><br />O4 - HKLM\..\Run: [REEGRUN] C:\index.exe<br /><br />O4 - HKLM\..\RunServices: [Windows Compliant] exvwwp.exe<br />O4 - HKLM\..\RunServices: [MSNMSGR5] MSNMSGR5.exe<br />O4 - HKCU\..\Run: [Gbzth] C:\WINDOWS\System32\d?dplay.exe<br /><br />O4 - HKCU\..\Run: [CornBags] C:\DOCUME~1\LOCALS~1\APPLIC~1\GRIMDO~1\WEBADMINCITY.exe<br /><br />O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe<br /><br />O16 - DPF: {03EE37F2-24A6-2160-1236-1054485169B8} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0422EFAF-329B-1795-0B3C-0D8B2934D274} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {05669230-6FD3-0DDC-7AA1-55407243F25F} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br /><br />O16 - DPF: {0676AEFF-A62D-1FCC-E82F-1C93254F4816} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0776B53B-C3F1-6857-4520-09AF0EEFE301} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {082C671D-F4F9-06FC-F166-5D09798304F7} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0872BBDF-14C7-3774-0998-07285BB35361} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {08C727A5-FEE4-0032-D1A4-7B255E7133F2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0A637158-84DF-0420-624A-19883CE5C7BE} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0A86BB98-9511-386F-7FFE-004A42E8EAA2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0D83B617-CDF8-4DF1-F38F-34971E114000} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {0F35295A-80B5-59DE-54CC-7F8419FB36D7} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {1221690F-F801-46BC-C5A4-7F2B5D89436A} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {133F0599-EDCA-0E96-C383-02633494CDFE} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {14F40B04-7241-28D7-C0C6-236E1633B291} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {15E449F2-291F-04B9-8187-622B4EE1645D} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {16752296-4578-13E4-9695-7B1644CE0785} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {17381D1E-BFE7-2809-15E1-22FD3FC917A6} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {19E4B143-49E9-4F74-3338-4AA40075C353} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/...S208.exe</a><br />O16 - DPF: {1BB8D993-DC3A-45E2-A61C-065576196DC2} - <a href='http://69.50.188.54/1/gdnUS208.exe' target='_blank'>
http://69.50.188.54/1/gdnUS20819 esses:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\csrss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\STOPzilla!\szntsvc.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe<br />C:\PROGRA~1\mcafee.com\agent\mcagent.exe<br />C:\Program Files\STOPzilla!\Stopzilla.exe<br />C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe<br />C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe<br />c:\progra~1\mcafee.com\vso\mcvsescn.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe<br />C:\WINDOWS\system32\RUNDLL32.EXE<br />C:\PROGRA~1\SPYWAR~1\swdoctor.exe<br />C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe<br />C:\WINDOWS\System32\CTsvcCDA.exe<br />C:\WINDOWS\system32\drivers\dcfssvc.exe<br />C:\PROGRA~1\Iomega\System32\AppServices.exe<br />c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe<br />C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe<br />C:\WINDOWS\System32\nvsvc32.exe<br />C:\WINDOWS\system32\wdfmgr.exe<br />C:\WINDOWS\System32\MsPMSPSv.exe<br />c:\PROGRA~1\mcafee.com\vso\mcshield.exe<br />C:\WINDOWS\System32\alg.exe<br />C:\Program Files\MSN\MSNCoreFiles\msn.exe<br />C:\Program Files\MSN Messenger\msnmsgr.exe<br />c:\progra~1\mcafee.com\vso\mcvsftsn.exe<br />C:\Program Files\Messenger\msmsgs.exe<br />C:\Program Files\HijackThis\HijackThis.exe<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.iwantsearch.com' target=&