MSN Explorer



#1
happy1ncali

    New Member

  • Member
  • 7 posts
Hello! I'm new to this service and have already found it of much help. Please see if you can help with this issue since MSN and Verizon can't seem to help.

I have DSL w/ Verizon and I am using MSN Explorer, and most webpages load just fine, but a few only load half pages, or 1/4 of a page. I have to hit the "reload" or "Go" button 1-15 times to get an entire page loaded. It's really annoying. The main pages I have problems with are eBay and travel websites like Hotwire, Priceline etc....

I also am unable to use IE at all; it loads, shows for a few seconds and then disappears.

I have seen from browsing your site that you usually like to have people post a log, so I'll try to do that too.

Here is the log. I got an error when I used it; it said Error #5 but it still scanned. Please let me know if I need to scan again.

Thanks in advance....

#2
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
You have a lot of malware on your system. Have you run Ad-aware?

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URLs
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
    • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

Post a fresh log so we can remove anything that's left. <_<

#3
happy1ncali

    New Member

  • Topic Starter
  • Member
  • 7 posts
I downloaded and used Ad-aware, and after I used it, I was unable to connect to the internet. I deleted all that was found, tons of files, like you said to do, and after restart, I couldn't connect to the internet at all. I restored my system to an earlier date and that corrected the problem. I am posting the log from the Ad-aware scan. Maybe you can help.

Thanks

ArchiveData(auto-quarantine- 03-09-2004 21-20-33.bckp)
======================================================

WEBHANCER
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[0]=LSP : webHancer MSAFD Tcpip [TCP/IP] (c:\windows\webhdll.dll)
obj[1]=LSP : webHancer MSAFD Tcpip [TCP/IP] (c:\windows\webhdll.dll)
obj[2]=LSP : webHancer MSAFD Tcpip [UDP/IP] (c:\windows\webhdll.dll)
obj[3]=LSP : webHancer MSAFD Tcpip [UDP/IP] (c:\windows\webhdll.dll)
obj[4]=LSP : webHancer (c:\windows\webhdll.dll)
obj[5]=LSP : webHancer (c:\windows\webhdll.dll)
obj[18]=Folder : c:\program files\webHancer
obj[52]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[55]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[157]=RegKey : CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
obj[158]=RegKey : Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
obj[159]=RegKey : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
obj[160]=RegKey : Software\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
obj[161]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey
obj[162]=RegKey : Software\webHancer
obj[163]=RegKey : TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
obj[164]=RegKey : WhIeHelperObj.WhIeHelperObj
obj[165]=RegKey : WhIeHelperObj.WhIeHelperObj.1
obj[200]=File : c:\windows\webhdll.dll
obj[273]=File : c:\documents and settings\justin steele\local settings\temp\whcc-grokster.exe
obj[353]=File : c:\program files\webhancer\programs\wbhshare.dll
obj[354]=File : c:\program files\webhancer\programs\whagent.ini
obj[355]=File : c:\program files\webhancer\programs\whiehlpr.dll
obj[356]=File : c:\program files\webhancer\programs\whieshm.dll
obj[366]=File : c:\windows\lastgood\webhdll.dll
obj[367]=File : c:\windows\lastgood\whagent.inf
obj[368]=File : c:\windows\lastgood\whinstaller.exe
obj[386]=File : c:\windows\webhdll.dll
obj[387]=File : c:\windows\whagent.inf
obj[388]=File : c:\windows\whinstaller.exe
obj[389]=File : c:\windows\whinstaller.ini
obj[392]=File : c:\program files\webhancer\programs\sporder.dll
obj[393]=File : c:\program files\webhancer\programs\whsurvey.ini

EUNIVERSE
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[14]=Folder : C:\Program Files\Common Files\KeenValue
obj[194]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-000000000000}
obj[348]=File : c:\program files\common files\keenvalue\mapping.xml
obj[349]=File : c:\program files\common files\keenvalue\mapping.zip
obj[474]=File : c:\program files\common files\keenvalue\kv099.dat
obj[475]=File : c:\program files\common files\keenvalue\mapping.zip

SPYWARENUKER
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[15]=Folder : C:\Program Files\Trek Blue\Spyware Nuker
obj[16]=Folder : C:\Program Files\Trek Blue
obj[147]=RegKey : Software\VB and VBA Program Settings\SPYWARE NUKER
obj[465]=File : c:\program files\trek blue\spyware nuker

GIGATECH SUPERBAR
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[17]=Folder : C:\SuperBar Files
obj[19]=Folder : c:\program files\SuperBar
obj[20]=Folder : c:\\SuperBar Files
obj[46]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[53]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar
obj[91]=RegKey : CLSID\{136A9D1D-1F4B-43D4-8359-6F2382449255}
obj[92]=RegKey : CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}
obj[93]=RegKey : CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}
obj[94]=RegKey : CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
obj[95]=RegKey : CLSID\{D7F2FD62-6C1B-4B52-85B1-F65A414BF050}
obj[96]=RegKey : CLSID\{E5DFB380-3988-4C07-8AFB-8A47769D9DB5}
obj[97]=RegKey : Interface\{9D1B86C7-1B93-4586-9009-EA3BD0AD63A5}
obj[98]=RegKey : Interface\{B8AFA251-4EFB-4703-87D4-DA7D2435BA5E}
obj[99]=RegKey : Interface\{DF7D760C-B7E2-4735-BB77-F5A1A9745E16}
obj[100]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{136A9D1D-1F4B-43D4-8359-6F2382449255}
obj[101]=RegKey : SOFTWARE\superbar
obj[102]=RegKey : SOFTWARE\superbar
obj[103]=RegKey : SuperBar.Component
obj[104]=RegKey : SuperBarBHO.Component
obj[105]=RegKey : SuperBarBL.Component
obj[106]=RegKey : SuperBarCWS.Component
obj[107]=RegKey : SuperBarExts.SaveDataInterface
obj[108]=RegKey : SuperBarExts.UserProfileInterface
obj[109]=RegKey : SuperBarSE.Component
obj[110]=RegKey : TypeLib\{60F8FB2A-9915-4202-967D-1FA694A8BCF5}
obj[168]=RegKey : CLSID\{8F575865-8297-4139-8DEF-695B758840F0}
obj[196]=File : c:\program files\superbar\superbar.dll
obj[352]=File : c:\program files\superbar\superbarexts.dll
obj[394]=File : c:\program files\superbar\settings.cfg
obj[395]=File : c:\superbar files\updates

RCPROGRAMS
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[21]=Folder : c:\program files\RCPrograms
obj[22]=Folder : c:\program files\rcprograms\v2
obj[49]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[50]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[143]=RegKey : Affiliator2.Application
obj[144]=RegKey : CLSID\{3538C791-1E71-43E8-A547-8ECDEE52CF8D}
obj[145]=RegKey : SOFTWARE\RCPrograms
obj[396]=File : c:\program files\rcprograms\v2

PROMULGATE
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[23]=Folder : c:\documents and settings\all users\application data\Dpi
obj[48]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[57]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[172]=RegKey : SOFTWARE\Dpi
obj[397]=File : c:\docume~1\wcg\locals~1\temp\~mysetup.exe
obj[398]=File : c:\documents and settings\all users\application data\dpi\dirdpi.inf
obj[399]=File : c:\documents and settings\all users\application data\dpi\dpi.inf
obj[400]=File : c:\documents and settings\all users\application data\dpi\dpih.inf

CLEARSEARCH
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[24]=Folder : c:\program files\ClearSearch
obj[25]=Folder : c:\docume~1\wcg\locals~1\temp\ClrSch
obj[42]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[69]=RegKey : CLSID\{00000000-0000-0000-0000-000000000221}
obj[70]=RegKey : csie.csiecore
obj[71]=RegKey : csie.csiecore.1
obj[72]=RegKey : SOFTWARE\CLRSCH
obj[73]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000221}
obj[74]=RegKey : TYPELIB\{60494593-5408-447d-bd5e-a16640d6af99}
obj[343]=File : c:\program files\clearsearch\bi.dll
obj[344]=File : c:\program files\clearsearch\clrschieplugin.dll
obj[345]=File : c:\program files\clearsearch\csbiinst.dll
obj[346]=File : c:\program files\clearsearch\ss.dll
obj[371]=File : c:\windows\system32\clrschp012.exe
obj[401]=File : c:\program files\clearsearch\a_clearsearch.dll
obj[402]=File : c:\program files\clearsearch\control.dat
obj[403]=File : c:\program files\clearsearch\csaolinst.dll
obj[404]=File : c:\program files\clearsearch\csaolldr.exe
obj[405]=File : c:\program files\clearsearch\csbi.dll
obj[406]=File : c:\program files\clearsearch\csie.dll
obj[407]=File : c:\program files\clearsearch\csieinst.dll
obj[408]=File : c:\program files\clearsearch\csie_checks.dat
obj[409]=File : c:\program files\clearsearch\csie_dictionary.dat
obj[410]=File : c:\program files\clearsearch\csie_edomains.dat
obj[411]=File : c:\program files\clearsearch\csie_idomainsd.dat
obj[412]=File : c:\program files\clearsearch\csie_mpu_patterns.dat
obj[413]=File : c:\program files\clearsearch\csie_mpu_rules.dat
obj[414]=File : c:\program files\clearsearch\csie_patterns.dat
obj[415]=File : c:\program files\clearsearch\csie_ron_campaigns.dat
obj[416]=File : c:\program files\clearsearch\csie_ron_rules.dat
obj[417]=File : c:\program files\clearsearch\csie_rules.dat
obj[418]=File : c:\program files\clearsearch\csie_sbday
obj[419]=File : c:\program files\clearsearch\csie_sbhour
obj[420]=File : c:\program files\clearsearch\csie_srchrule.dat
obj[421]=File : c:\program files\clearsearch\csie_ss_edomains.dat
obj[422]=File : c:\program files\clearsearch\csie_ss_idomainsd.dat
obj[423]=File : c:\program files\clearsearch\csie_ss_rules.dat
obj[424]=File : c:\program files\clearsearch\csie_tsb_campaigns.dat
obj[425]=File : c:\program files\clearsearch\csie_tsb_edomains.dat
obj[426]=File : c:\program files\clearsearch\csie_tsb_patterns.dat
obj[427]=File : c:\program files\clearsearch\csie_tsb_rules.dat
obj[428]=File : c:\program files\clearsearch\csie_usb_campaigns.dat
obj[429]=File : c:\program files\clearsearch\csie_usb_patterns.dat
obj[430]=File : c:\program files\clearsearch\csie_usb_rules.dat
obj[431]=File : c:\program files\clearsearch\csie_usb_sbday.dat
obj[432]=File : c:\program files\clearsearch\csie_usb_sbhour.dat
obj[433]=File : c:\program files\clearsearch\cssb.dll
obj[434]=File : c:\program files\clearsearch\csss.dll
obj[435]=File : c:\program files\clearsearch\csssinst.dll
obj[436]=File : c:\program files\clearsearch\cstminst.dll
obj[437]=File : c:\program files\clearsearch\cstvinst.dll
obj[438]=File : c:\program files\clearsearch\cszt.dll
obj[439]=File : c:\program files\clearsearch\fnuninstaller.exe
obj[440]=File : c:\docume~1\wcg\locals~1\temp\clrsch\fnuninstaller.exe
obj[441]=File : c:\docume~1\wcg\locals~1\temp\clrsch\fnuninstaller.ex_

BROADCASTPC
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[26]=Folder : c:\program files\TV Media
obj[59]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[67]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RVP
obj[68]=RegKey : CLSID\{707e6f76-9ffb-4920-a976-ea101271bc25}
obj[173]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TV Media
obj[264]=File : c:\documents and settings\justin steele\local settings\temp\bpc_gu.exe
obj[269]=File : c:\documents and settings\justin steele\local settings\temp\glk7b.tmp
obj[337]=File : c:\documents and settings\wcg\local settings\temp\i5.tmp
obj[340]=File : c:\documents and settings\wcg\local settings\temp\tvmupdater.exe
obj[341]=File : c:\program files\btv\breg_inst.exe
obj[342]=File : c:\program files\btv\btvclean.exe
obj[347]=File : c:\program files\common files\java\breg.cfg
obj[442]=File : c:\program files\tv media\tvm.exe
obj[443]=File : c:\program files\tv media\tvmbho.dll
obj[444]=File : c:\program files\tv media\tvmcore.dll

DSSAGENT
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[27]=Folder : c:\program files\lycos\Sidesearch
obj[75]=RegKey : SOFTWARE\Broderbund Software\DSS
obj[363]=File : c:\windows\bbstore\dss\dssagent.exe
obj[447]=File : c:\program files\lycos\sidesearch\temp

EBATES MONEYMAKER
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[28]=Folder : c:\program files\WebSavingsfromEbates
obj[76]=RegKey : Software\Microsoft\Internet Explorer\MenuExt\Web Savings
obj[448]=File : c:\program files\websavingsfromebates\applicationdata
obj[449]=File : c:\program files\websavingsfromebates\applications
obj[450]=File : c:\program files\websavingsfromebates\system
obj[451]=File : c:\program files\websavingsfromebates\websavings_readme.txt
obj[452]=File : c:\program files\websavingsfromebates\websearch_dr.exe

FLASHTRACK
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[29]=Folder : c:\program files\Reg2
obj[30]=Folder : c:\program files\Xmod
obj[31]=Folder : c:\docume~1\wcg\locals~1\temp\64.exe
obj[80]=RegKey : BRedObj.BRedObj
obj[81]=RegKey : BRedObj.BRedObj.1
obj[82]=RegKey : CLSID\{63cf97e8-4133-438a-a831-cc9c6d47d673}
obj[83]=RegKey : CLSID\{7371f073-ac0f-4b80-bb2f-96a488cefb32}
obj[84]=RegKey : Interface\{06542764-7BB2-412B-80D6-D103D1474C93}
obj[85]=RegKey : Interface\{6E83AE1C-F69C-4AED-AF98-D23C24C6FA4B}
obj[86]=RegKey : Interface\{BAEF4039-3C02-4C9E-A2F4-87B513AB0E87}
obj[87]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{665ACD90-4541-4836-9FE4-062386BB8F05}
obj[88]=RegKey : TypeLib\{7955EA20-E0D6-4A77-88B6-120674D979EA}
obj[89]=RegKey : TypeLib\{DB9F4C00-65E8-4FA1-917B-E4844DDF5909}
obj[90]=RegKey : TypeLib\{E6C71E83-E02B-4BC4-958D-A9194916EC19}
obj[179]=RegKey : software\classes\typelib\{7955ea20-e0d6-4a77-88b6-120674d979ea}
obj[180]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63CF97E8-4133-438a-A831-CC9C6D47D673}
obj[181]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7371F073-AC0F-4b80-BB2F-96A488CEFB32}
obj[182]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reg2
obj[183]=RegKey : SOFTWARE\Netfilter
obj[184]=RegKey : SOFTWARE\Persistent Bytes
obj[333]=File : c:\documents and settings\wcg\local settings\temp\64.exe\64.exe
obj[351]=File : c:\program files\reg2\reg2.dll
obj[360]=File : c:\program files\xmod\persbytes.exe
obj[361]=File : c:\program files\xmod\xclean.exe
obj[362]=File : c:\program files\xmod\xm320.dll
obj[453]=File : c:\windows\downloaded program files\popcaploader.dll
obj[454]=File : c:\program files\reg2\reg2.cfg
obj[455]=File : c:\docume~1\wcg\locals~1\temp\64.exe\64.exe

TURBODOWNLOAD
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[32]=Folder : c:\windows\system32\IEDriver
obj[51]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[149]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC3BBF86-E4EC-4412-9676-8355468B3B05}
obj[268]=File : c:\documents and settings\justin steele\local settings\temp\g181511.exe
obj[336]=File : c:\documents and settings\wcg\local settings\temp\g181511.exe
obj[370]=File : c:\windows\system32\iedriver\iexplore.exe
obj[377]=File : c:\windows\system32\td.exe
obj[466]=File : c:\windows\system32\iedriver\3.exe
obj[467]=File : c:\windows\system32\iedriver\iedriver.bin
obj[468]=File : c:\windows\system32\iedriver\iedriver.exe
obj[469]=File : c:\windows\system32\iedriver\ieupdate.exe
obj[470]=File : c:\windows\system32\iedriver\vi.tty
obj[471]=File : c:\windows\system32\iedriver\vii.tty

TOPMOXIE
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[33]=Folder : c:\program files\GroksterSupport
obj[34]=Folder : c:\program files\websearch
obj[350]=File : c:\program files\grokstersupport\grokstersupport.exe
obj[357]=File : c:\program files\websavingsfromebates\websavingsfromebates1.exe
obj[358]=File : c:\program files\websearch\websearch.exe
obj[359]=File : c:\program files\websearch\websearch1.exe
obj[476]=File : c:\program files\websearch\applicationdata
obj[477]=File : c:\program files\websearch\applications
obj[478]=File : c:\program files\websearch\system

POSSIBLE BROWSER HIJACK ATTEMPT
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[35]=RegData : Software\Microsoft\Internet Explorer\Main
obj[36]=RegData : Software\Microsoft\Internet Explorer\Main
obj[37]=RegData : Software\Microsoft\Internet Explorer\SearchURL
obj[38]=RegData : Software\Microsoft\Internet Explorer\Main
obj[39]=RegData : Software\Microsoft\Internet Explorer\Main
obj[40]=RegData : Software\Microsoft\Internet Explorer\Search
obj[41]=RegData : Software\Microsoft\Internet Explorer\Search
obj[391]=File : c:\documents and settings\wcg\favorites\sports betting\sports interaction.url

FAVORITEMAN
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[43]=RegValue : Software\Microsoft\Windows
obj[44]=RegValue : Software\Microsoft\Windows
obj[45]=RegValue : Software\Microsoft\Windows
obj[77]=RegKey : CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
obj[78]=RegKey : TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
obj[79]=RegKey : TypeLib\{EF100607-F409-426A-9E7C-CB211F2A9030}
obj[170]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
obj[373]=File : c:\windows\system32\mbr32.dll

OTHER
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[47]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run

ADROAR
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[54]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar
obj[61]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[62]=RegKey : adroar.band
obj[63]=RegKey : adroar.band.1
obj[64]=RegKey : CLSID\{bdf6ce3d-f5c5-4462-9814-3c8eac330ca8}
obj[65]=RegKey : TYPELIB\{ace8d3ba-7742-44c4-920d-fd25bd1e8245}
obj[174]=RegKey : Interface\{91D91D21-8008-429D-821C-7266AAC84A9F}
obj[175]=RegKey : Software\AdRoarPlugin
obj[176]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}
obj[177]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPR
obj[178]=RegKey : Software\XO
obj[378]=File : c:\windows\adroar.dll
obj[445]=File : c:\windows\arupdate.exe
obj[446]=File : c:\windows\cpruninst.exe

VX2
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[56]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[58]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[152]=RegKey : bidll.bidllobj.1
obj[153]=RegKey : CLSID\{000006b1-19b5-414a-849f-2a3c64ae6939}
obj[154]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006b1-19b5-414a-849f-2a3c64ae6939}
obj[155]=RegKey : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}
obj[156]=RegKey : vx2.vx2obj
obj[190]=RegKey : Software\Dbi
obj[191]=RegKey : Software\Microsoft\Windows\CurrentVersion\Uninstall\Dbi
obj[198]=File : c:\windows\susp.exe
obj[199]=File : c:\windows\belt.exe
obj[258]=File : c:\documents and settings\justin steele\local settings\temp\belt.cab
obj[259]=File : c:\documents and settings\justin steele\local settings\temp\belt.exe
obj[260]=File : c:\documents and settings\justin steele\local settings\temp\bi.dll
obj[261]=File : c:\documents and settings\justin steele\local settings\temp\bi.ini
obj[262]=File : c:\documents and settings\justin steele\local settings\temp\biini.cab
obj[263]=File : c:\documents and settings\justin steele\local settings\temp\biprep.exe
obj[267]=File : c:\documents and settings\justin steele\local settings\temp\flashtlk.cab
obj[270]=File : c:\documents and settings\justin steele\local settings\temp\msview.ini
obj[271]=File : c:\documents and settings\justin steele\local settings\temp\susp.cab
obj[272]=File : c:\documents and settings\justin steele\local settings\temp\susp.exe
obj[364]=File : c:\windows\lastgood\bi.dll
obj[365]=File : c:\windows\lastgood\biprep.exe
obj[381]=File : c:\windows\bi.dll
obj[382]=File : c:\windows\bi.ini
obj[383]=File : c:\windows\biprep.exe
obj[390]=File : c:\windows\wupdsnff.exe
obj[472]=File : c:\docume~1\wcg\locals~1\temp\bi_reco.exe
obj[473]=File : c:\docume~1\wcg\locals~1\temp\dummy.htm

MARKETSCORE(NETSETTER)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[132]=RegKey : Interface\{F88527E2-A8A7-4227-8683-05CFA4EEC511}
obj[133]=RegKey : nsconfig.nsbrowserconfig
obj[134]=RegKey : nsconfig.nsbrowserconfig.2
obj[135]=RegKey : Software\Netsetter
obj[136]=RegKey : Software\Netsetter
obj[137]=RegKey : TYPELIB\{169c7855-c096-4d45-803b-6441552a7e92}
obj[169]=RegKey : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/System32/okshook.dll
obj[197]=File : c:\windows\system32\okshook.dll
obj[372]=File : c:\windows\system32\csloa.dll
obj[459]=File : c:\windows\system32\ossproxy.exe
obj[460]=File : c:\windows\downloaded program files\nsconfig.dll
obj[461]=File : c:\windows\downloaded program files\nsconfig.inf
obj[462]=File : c:\windows\nsreg.dat

ALEXA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

IGETNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[111]=RegKey : CLSID\{947e6d5a-4b9f-4cf4-91b3-562ca8d03313}

IMISERVER IEPLUGIN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[112]=RegKey : CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
obj[113]=RegKey : CLSID\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
obj[114]=RegKey : CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
obj[115]=RegKey : CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
obj[116]=RegKey : IMIToolbar.BottomFrame
obj[117]=RegKey : IMIToolbar.BottomFrame.1
obj[118]=RegKey : IMIToolbar.LeftFrame
obj[119]=RegKey : IMIToolbar.LeftFrame.1
obj[120]=RegKey : IMIToolbar.PopupBrowser
obj[121]=RegKey : IMIToolbar.PopupBrowser.1
obj[122]=RegKey : imitoolbar.popupwindow
obj[123]=RegKey : imitoolbar.popupwindow.1
obj[124]=RegKey : Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
obj[125]=RegKey : Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
obj[126]=RegKey : Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
obj[127]=RegKey : Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
obj[128]=RegKey : wbho.band.1
obj[129]=RegKey : wbho.band
obj[130]=RegKey : CLSID\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
obj[131]=RegKey : TYPELIB\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
obj[185]=RegKey : Software\intexp
obj[186]=RegKey : Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}
obj[187]=RegKey : Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}
obj[188]=RegKey : Remove
obj[189]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
obj[456]=File : c:\windows\wupdt.exe
obj[457]=File : c:\windows\lu.dat
obj[458]=File : c:\windows\redir.txt

MSVIEW
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[138]=RegKey : CLSID\{00000580-C637-11D5-831C-00105AD6ACF0}
obj[139]=RegKey : MSView.MSViewObj.1
obj[140]=RegKey : Software\MSView
obj[384]=File : c:\windows\msview.dll
obj[385]=File : c:\windows\msvprep.exe
obj[463]=File : c:\windows\inf\msview.inf

NETPAL
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[141]=RegKey : f1.organizer
obj[142]=RegKey : f1.organizer.1

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[146]=RegKey : SOFTWARE\VGroup
obj[464]=File : c:\windows\downloaded program files\setup.inf

STOPPOP
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[148]=RegKey : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}

VIRTUALBOUNCER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[150]=RegKey : Software\Microsoft\Code Store Database\Distribution Units\{D9EC0A76-03BF-11D4-A509-0090270F86E3}
obj[151]=RegKey : Software\VB and VBA Program Settings\VBouncer

WURLDMEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[166]=RegKey : tchk.tchkbho

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[167]=RegKey : CLSID\{853EF100-44B3-49AD-8D8B-0D99225CFB7E}
obj[171]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{853EF100-44B3-49AD-8D8B-0D99225CFB7E}
obj[195]=File : c:\windows\system32\loadrperf.dll
obj[338]=File : c:\documents and settings\wcg\local settings\temp\iic34.exe
obj[339]=File : c:\documents and settings\wcg\local settings\temp\iicc.exe

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[192]=RegKey : Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
obj[193]=RegKey : Software\180solutions
obj[266]=File : c:\documents and settings\justin steele\local settings\temp\del50.tmp
obj[334]=File : c:\documents and settings\wcg\local settings\temp\del3.tmp
obj[335]=File : c:\documents and settings\wcg\local settings\temp\del8.tmp
obj[374]=File : c:\windows\system32\msbb.exe

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

EACCELERATION
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[265]=File : c:\documents and settings\justin steele\local settings\temp\bullguard.exe

VERTICITY
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[369]=File : c:\windows\system32\iedriver\5.exe

BARGAINBUDDY
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[375]=File : c:\windows\system32\mset_bbi8010.exe
obj[376]=File : c:\windows\system32\mset_bbi80102.dll
obj[479]=File : c:\windows\system32\msbb.dll
obj[480]=File : c:\windows\system32\msbb1.dll

AVATAR RESOURCES
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[379]=File : c:\windows\astart.exe
obj[380]=File : c:\windows\ast_1to2.exe
obj[481]=File : c:\windows\last.tmp
  • 0

#4
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
That's sure a lot of Malware. <_<

Let's try Spybot S&D instead:
Download here: http://www.geekstogo...=download&id=14
  • 0

#5
happy1ncali

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, I ran Spybot and I am still able to connect to the internet, however, very slowly. Here is a new log. Thanks for helping....

Logfile of HijackThis v1.98.2
Scan saved at 11:35:21 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
C:\WINDOWS\System32\olbdld.exe
C:\Program Files\BTV\btv.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\DOCUME~1\WCG\LOCALS~1\Temp\g181511.exe
C:\Program Files\RCPrograms\v2\prizesurfer.exe
C:\Program Files\RCPrograms\RCSync.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\COMMON~1\tsa\tsm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\COMMON~1\tsa\ts.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WCG\Desktop\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.smarter.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.smarter.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O2 - BHO: CSObj Class - {CD209A08-98B5-4669-AF9F-447AC5253356} - C:\WINDOWS\System32\CSapp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
O4 - HKLM\..\Run: [rzlvlfktg] C:\WINDOWS\System32\olbdld.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\WCG\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Web Savings - file://C:\Program Files\websearch\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\WCG\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab
  • 0

#6
happy1ncali

    New Member

  • Topic Starter
  • Member
  • 7 posts
What happened? It's been a long time since I posted. Should I still expect a reply?

Thanks <_<
H
  • 0

#7
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Thanks for the gentle reminder. It has been a long time. <_<

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes only next to the following items, then click Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.smarter.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.smarter.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll
O2 - BHO: CSObj Class - {CD209A08-98B5-4669-AF9F-447AC5253356} - C:\WINDOWS\System32\CSapp.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [rzlvlfktg] C:\WINDOWS\System32\olbdld.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\WCG\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\websearch\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\WCG\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab

Reboot in safe mode (by tapping F8 at startup and selecting safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\Program Files\MySearch <- this folder
c:\Program Files\Reg2 <- this folder
C:\WINDOWS\System32\CSapp.dll
C:\WINDOWS\system32\pcs <- this folder
C:\Program Files\Common Files\Java\breg.exe
C:\WINDOWS\System32\olbdld.exe
C:\Program Files\RCPrograms <- this folder
C:\WINDOWS\web <- this folder

Please delete your temporary files. Double click My Computer (WinXP: navigate to Start ---> My Computer).
You will see an icon representing your hard drive (most likely C: Drive). Right click on the hard drive icon and click Properties at the bottom of the fly-out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"... click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :D
  • 0
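
The kind of triage applied to the HijackThis log above, as an added example that is not part of the thread or of HijackThis itself: a small Python parser that splits log lines by section code and flags orphaned BHO/toolbar registrations, autostarts and ActiveX installs from Temp, and the broken-LSP report for review. The sample lines are copied from the log in post #5; the function names and the three heuristics are assumptions of this example, and a flag is a prompt for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the HijackThis log in post #5 of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\WCG\LOCALS~1\Temp\g181511.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\WCG\Local Settings\Temp\EI40_\msxml4.cab
"""


class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2" (BHO) or "O4" (autostart)
    detail: str           # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the line, upper-cased, if any


# An entry line is "<code> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Matches both "Local Settings\Temp\" and the 8.3 form "LOCALS~1\Temp\".
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, detail = match.groups()
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(code, detail, clsid.group(0).upper() if clsid else None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Apply this example's heuristics; each hit is (entry, reason) for an analyst."""
    flagged = []
    for entry in entries:
        reason = None
        if entry.code in ("O2", "O3") and (
            "(file missing)" in entry.detail or "(no file)" in entry.detail
        ):
            reason = "BHO/toolbar registration whose file is not on disk"
        elif entry.code in ("O4", "O16") and TEMP_RE.search(entry.detail):
            reason = "autostart or ActiveX install referencing a Temp directory"
        elif entry.code == "O10":
            reason = "Winsock LSP chain reported as broken"
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4}{entry.clsid or '-':<40}{reason}")
```

The CLSID is kept so a flagged entry can be matched against other scanner output: the Band Class CLSID flagged here also appears under IMISERVER IEPLUGIN in the earlier scan log in this thread.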

#8
happy1ncali

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks a lot, so far, so good. Everything is running correctly.

Thanks A WHOLE WHOLE WHOLE LOT!!!!
H:)

Logfile of HijackThis v1.98.2
Scan saved at 11:09:35 AM, on 9/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\BTV\btv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\WCG\Desktop\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [BTV] "C:\Program Files\BTV\btv.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab
  • 0

#9
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
You've got a new one. <_<

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to only the following items, then click Fix checked.
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

Reboot in safe mode (by tapping F8 at startup and selecting safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\Program Files\TV Media

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic. :D
  • 0

#10
happy1ncali

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, here you go. Is there any way to keep these off my computer? Is there anything else I need to get rid of??

Thanks <_<

Logfile of HijackThis v1.98.2
Scan saved at 4:58:32 PM, on 9/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\BTV\btv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\WCG\Desktop\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [BTV] "C:\Program Files\BTV\btv.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab
  • 0
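An added example, not part of the thread: one way to check a rescan against a fix list, as done by eye between posts #9 and #10. The function and variable names are assumptions, and the sample logs are short excerpts of the entries posted above.

```python
import re

# A HijackThis entry starts with a section code (R3, O4, O16, ...) and " - ".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the 11:09 AM log (before the fix), copied from the thread.
BEFORE = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""

# Excerpt of the 4:58 PM rescan (after the fix), copied from the thread.
AFTER = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
"""

# The three items the helper asked to have fixed in post #9.
FIX_LIST = [
    r"R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll",
    r"O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe",
    r"O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe",
]


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, body = match.groups()
            # Windows paths are case-insensitive; collapse whitespace as well.
            entries.add((section, " ".join(body.split()).lower()))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare a rescan with the earlier log and the list of items to fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fix_list))
    return {
        "not_in_before": sorted(targets - before),      # mis-copied fix lines
        "still_present": sorted(targets & after),       # fix did not take
        "removed": sorted((targets & before) - after),  # fixed as requested
        "new_entries": sorted(after - before),          # appeared since last scan
        "collateral": sorted((before - after) - targets),  # gone, but not asked for
    }


if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(key, len(items))
```

A non-empty `new_entries` list corresponds to the "You've got a new one" situation in post #9, where a rescan shows an item that was not in the earlier log.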

#11
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D
  • 0





