Help needed in IE hijack and Malware [RESOLVED]



#1
jas16

jas16

    Member

  • Member
  • PipPip
  • 13 posts
Hi
Thanks for this forum to help the people like me. I am getting pop up and IE startpage changes to master69.biz?1462. After scanning found some malwares.
I ran AVG, Antispy, spybot.

After going through the processes given in You must read this......
I generated the following HT log file. Please help me to clean my system from malwares.

Logfile of HijackThis v1.99.1
Scan saved at 4:46:11 PM, on 5/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\S3APPHK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\HFFEXT\HFFSRV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\APPLICATION DATA\RSSU.EXE
C:\PROGRAM FILES\COMMON FILES\QWWR\QWWRM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {D318D1B0-6075-20A8-0BB6-44A1E8E43A9B} - C:\WINDOWS\SYSTEM\SHEUIOLZ.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Multi Desktop 3.00] C:\PROGRAM FILES\MULTI DESKTOP\MULTIDESK.EXE
O4 - HKCU\..\Run: [Anre] C:\WINDOWS\Application Data\rssu.exe
O4 - HKCU\..\Run: [QWWR] C:\PROGRAM FILES\COMMON FILES\QWWR\QWWRM.EXE
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Multi Desktop 3.00] C:\PROGRAM FILES\MULTI DESKTOP\MULTIDESK.EXE
O4 - HKCU\..\RunServices: [Anre] C:\WINDOWS\Application Data\rssu.exe
O4 - HKCU\..\RunServices: [QWWR] C:\PROGRAM FILES\COMMON FILES\QWWR\QWWRM.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = x
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1,202.63.164.17

Thanks,

Jas
  • 0

#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {D318D1B0-6075-20A8-0BB6-44A1E8E43A9B} - C:\WINDOWS\SYSTEM\SHEUIOLZ.DLL (file missing)

O4 - HKCU\..\Run: [Anre] C:\WINDOWS\Application Data\rssu.exe
O4 - HKCU\..\Run: [QWWR] C:\PROGRAM FILES\COMMON FILES\QWWR\QWWRM.EXE

O4 - HKCU\..\RunServices: [Anre] C:\WINDOWS\Application Data\rssu.exe
O4 - HKCU\..\RunServices: [QWWR] C:\PROGRAM FILES\COMMON FILES\QWWR\QWWRM.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (no file)

Then reboot and let me know how it goes.

Can you tell me a bit more about:
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe

I found it's called HideFilesAndFolders_S, but I couldn't find out who makes and/or distributes it.

Regards,
  • 0

#3
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Dear Metallica,

WOW thanks for the response so fast. I'm so thankful to you.

I have followed your instructions and will keep you posted what happens.
Regarding
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
Yes this is hide Files n folders by softstack and their URL is

http://www.softstack.com/hff.html

Thanks again and I'll post the results tomorrow.

Jas

(I once again thank you for your help)
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Thank you for the info on hffsrv.exe :tazz:
  • 0

#5
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi

Thanks again for help. I am almost done except for minor problems.

Today I ran NAV and it detected 5 threats, adware Bargainbuddy.
NAV was not able to delete them.
Here is logfile of NAV.

NAV SCAN REPORT

Threat category: AdwareSource: msexreg.exe,Description: The compressed file msexreg.exe within C:\WINDOWS\SYSTEM\netut80ex.vxd is a Adware threat.

Threat category: AdwareSource: javexulm.vxd,Description: The compressed file javexulm.vxd within C:\WINDOWS\SYSTEM\netut80ex.vxd is a Adware threat.

Threat category: AdwareSource: exul.exe,Description: The compressed file exul.exe within C:\WINDOWS\SYSTEM\netut80ex.vxd is a Adware threat.

Threat category: AdwareSource: mqexdlm.srg,Description: The compressed file mqexdlm.srg within C:\WINDOWS\SYSTEM\netut80ex.vxd is a Adware threat.

Threat category: AdwareSource: exdl.exe,Description: The compressed file exdl.exe within C:\WINDOWS\SYSTEM\netut80ex.vxd is a Adware threat.


I ran HT and the following is the fresh log file of same

Logfile of HijackThis v1.99.1
Scan saved at 11:19:54 AM, on 5/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\S3APPHK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\HFFEXT\HFFSRV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Multi Desktop 3.00] C:\PROGRAM FILES\MULTI DESKTOP\MULTIDESK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = x
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1,202.63.164.17

Please help me to remove Adware.

Thanks again
With Best Regards,
Jas
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Reboot into safe mode and delete:
C:\WINDOWS\SYSTEM\netut80ex.vxd

Let me know if it will go peacefully.

Regards,
  • 0

#7
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Pieter,

I removed C:\WINDOWS\SYSTEM\netut80ex.vxd file and started scanning system with NAV. Though it showed clean, while scanning masterbiz69 window popped up. Explorer link and cinemaplugin was put on desktop :tazz:.

Here is the latest HT log file.

Logfile of HijackThis v1.99.1
Scan saved at 3:26:26 PM, on 5/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\S3APPHK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\HFFEXT\HFFSRV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Multi Desktop 3.00] C:\PROGRAM FILES\MULTI DESKTOP\MULTIDESK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.archiviosex.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = x
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1,202.63.164.17

Regards
Jas
  • 0
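
The three HijackThis logs posted so far can be compared mechanically to see what each fix removed and which entries came back afterwards. The Python below is an added example, not part of the original posts: the three log excerpts are shortened copies of lines from the logs above, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis item lines look like "O4 - HKCU\..\Run: [Anre] C:\...".
# The header and the "Running processes" list do not match and are skipped.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis prints when the target of an entry no longer exists.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$|is missing\s*$", re.I)

# Shortened excerpts of the logs in this thread (5/26 4:46 PM, 5/27 11:19 AM,
# 5/27 3:26 PM); most lines are left out to keep the example small.
LOG_1 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\APPLICATION DATA\RSSU.EXE
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKCU\..\Run: [Anre] C:\WINDOWS\Application Data\rssu.exe
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.redfunny.com
"""
LOG_2 = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
"""
LOG_3 = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O15 - Trusted Zone: www.redfunny.com
"""


def parse_items(log_text):
    """Return the set of Entry(code, text) item lines found in one log."""
    items = set()
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.add(Entry(match.group(1), match.group(2).strip()))
    return items


def diff_logs(before, after):
    """Split the entries of two logs into removed, added and kept."""
    b, a = parse_items(before), parse_items(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}


def orphaned(log_text):
    """Entries whose file or handler is reported as missing."""
    return sorted(e for e in parse_items(log_text) if ORPHAN_RE.search(e.text))


def reappeared(logs):
    """Entries that were present, then absent, then present again.

    `logs` is a list of log texts in chronological order. An entry that
    returns after a fix points at something still re-creating it.
    """
    parsed = [parse_items(text) for text in logs]
    hits = set()
    for entry in set().union(*parsed):
        presence = "".join("1" if entry in p else "0" for p in parsed)
        if re.search(r"10+1", presence):
            hits.add(entry)
    return sorted(hits)


if __name__ == "__main__":
    for entry in orphaned(LOG_1):
        print("orphaned  :", entry.code, "-", entry.text)
    for entry in diff_logs(LOG_1, LOG_2)["removed"]:
        print("removed   :", entry.code, "-", entry.text)
    for entry in reappeared([LOG_1, LOG_2, LOG_3]):
        print("reappeared:", entry.code, "-", entry.text)
```
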

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Use DelDomains.inf again

Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
1. Reboot into safe mode
2. Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait until it's finished.
* When it is finally finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
3. Reboot back to Normal Mode.
4. Post the log

Regards,
  • 0

#9
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Pieter,
I followed your instructions and here is the log file.....

ECHO is off

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES,
THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\vsapi32.dll: UPX!t4
C:\WINDOWS\tsc.exe: UPX!
Finished
bye

Regards,
Jas
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Those belong to your antivirus program.
We'll have to try something else.

Please download Agent Ransack from:
http://www.mythicsof...m/agentransack/

Run the program and make sure there are Checkmarks in the Expert User and Containing Text boxes on the Advanced tab.

In the bottom bar type or paste masterbiz69

Then click Start Search.

It will take quite a while before it's done.

When it is click "Save results" (icon #4 from the left)
Choose save to clipboard and paste them into your next post.

Regards,
  • 0

#11
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Pieter,
Done as per your instruction and here is the result
Jas


C:\WINDOWS\Temporary Internet Files\Content.IE5\EX3OTOVI\Help_needed_in_IE_highjack_and_Malware-t29018[2].html (87 KB, 5/27/05 4:26:00 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\EX3OTOVI\index[5].php (62 KB, 5/27/05 4:09:12 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\KPCF0V43\index[5].php (83 KB, 5/27/05 4:12:06 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\TC83X1S5\index[3].php (76 KB, 5/27/05 3:33:50 PM)
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Those are the Temporary internet files you downloaded here.
That didn't help much.

Ah ..... hang on.
Could it be you misread the window?
I found a lot of people complaining about master69.biz

If so repeat the ransack search for master69

Regards,
  • 0
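An added example, not part of the thread: a small triage script for content-search results in the "path (size KB, date time)" header format pasted above, separating browser-cache hits (copies of pages that merely mention the string, such as this thread) from locations where a setting can persist. The sample lines are constructed, `example.dll` is a hypothetical file name, and treating `.ffl` as a Find Fast index is an assumption based on FINDFAST.EXE appearing in the log.

```python
import re

# Result header as pasted in the thread: "<path> (<size> KB, <date> <time>)".
# The numbered hit-context lines that follow a header do not match and are skipped.
HEADER_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<kb>\d+) KB, (?P<when>[^()]+)\)$"
)

# Categories worth a manual look, most important first.
REVIEW_ORDER = ("registry", "review")


def classify(path):
    """Map a hit's path to a triage category (Windows 9x layout)."""
    p = path.upper()
    name = p.rsplit("\\", 1)[-1]
    if name in ("USER.DAT", "SYSTEM.DAT"):
        # Win9x registry files: where a start-page setting would be stored.
        return "registry"
    if "\\TEMPORARY INTERNET FILES\\" in p:
        # index.dat is the cache's own index; everything else is a cached page.
        return "cache-index" if name == "INDEX.DAT" else "cached-page"
    if name.endswith(".FFL"):
        # Assumption: Find Fast document index, it only mirrors other files.
        return "search-index"
    return "review"


def triage(text):
    """Return {category: [(path, size_kb), ...]} for every header line in text."""
    buckets = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        buckets.setdefault(classify(m["path"]), []).append(
            (m["path"], int(m["kb"]))
        )
    return buckets


def worth_reviewing(text):
    """Paths that are not cache or index noise, registry files first."""
    buckets = triage(text)
    return [path for cat in REVIEW_ORDER for path, _kb in buckets.get(cat, [])]


# Constructed sample in the same format as the pasted results.
SAMPLE = r"""
C:\WINDOWS\Temporary Internet Files\Content.IE5\EX3OTOVI\index[5].php (62 KB, 5/27/05 4:09:12 PM)
23 constructed hit-context line, ignored by the parser
C:\ffastun.ffl (640 KB, 5/27/05 3:45:50 PM)
C:\WINDOWS\USER.DAT (849 KB, 5/27/05 5:12:40 PM)
C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat (8272 KB, 5/27/05 4:05:42 PM)
C:\WINDOWS\SYSTEM\example.dll (12 KB, 5/26/05 1:00:00 PM)
"""

if __name__ == "__main__":
    for category, hits in triage(SAMPLE).items():
        print(category, [path for path, _kb in hits])
    print("review first:", worth_reviewing(SAMPLE))
```

A hit in the cache categories only shows that a page containing the string was viewed; the registry and uncategorised hits are the ones to inspect.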

#13
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi,
I checked, and now it puts the start page as skymasters.biz, not master69.
So searching for skymasters.
Regards,
Jas
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
OK. I'll be around for a while, so no rush. :tazz:
  • 0

#15
jas16

jas16

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Pieter,
I searched again for skymasters and I got the following results.
Regards,
Jas.

C:\ffastun.ffl (640 KB, 5/27/05 3:45:50 PM)

C:\WINDOWS\USER.DAT (849 KB, 5/27/05 5:12:40 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat (8272 KB, 5/27/05 4:05:42 PM)
15089 URL cb p `hA2IJ 2IJ http://www.skymaster...?1462skymasters[1].htmlHTTP/1.1 200 OK

C:\WINDOWS\Temporary Internet Files\Content.IE5\81Y7O9YB\Help_needed_in_IE_highjack_and_Malware-t29018[2].html (124 KB, 5/27/05 5:08:46 PM)
C:\WINDOWS\Temporary Internet Files\Content.IE5\EX3OTOVI\index[3].php (64 KB, 5/27/05 1:31:56 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\4PUJSDAN\index[2].php (36 KB, 5/26/05 4:57:20 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\KPCF0V43\index[5].php (83 KB, 5/27/05 4:12:06 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\TC83X1S5\index[3].php (76 KB, 5/27/05 3:33:50 PM)

C:\WINDOWS\Temporary Internet Files\Content.IE5\TC83X1S5\index[4].php (121 KB, 5/27/05 4:58:00 PM)