Malware is such fun... here is my log... please help [CLOSED]


#1 deegoofy
Yup, I downloaded a shareware program.
I had the Elite toolbar, used a remover for that, and haven't seen it since yesterday, but who knows if it's really gone.
The rest has been equally as fun too.
One in particular I have never come across before: in my AOL mail, only in mail that came through yesterday, it was creating keywords out of certain words within the email and creating hyperlinks that went to a site.
The rest of the stuff is the same crap: icons for Party Poker and whatnot on my desktop, pop-ups and all the normal mess.
I have run the suggested programs in safe mode and ran HouseCall online.
That is stating: TROJ_TL.A found and cleaned
TROJ dloader.OT cannot access, non-cleanable
TROJ SMALL.AAL clean failed
TROJ Startpag.QY
Nothing seems to be removing everything, as restarting and running a new scan shows they are still here.
I also have a log file from a trial of Spyware Doctor that shows a whole slew of stuff, but the trial version does not remove anything; not really sure if buying it will remove this stuff either.
Here is my HijackThis log (run after the second go-through with the listed programs):
Logfile of HijackThis v1.99.1
Scan saved at 5:00:48 PM, on 6/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
F:\Program Files\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
F:\Program Files\Clie`\HOTSYNC.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\MUSICMATCH\mim.exe
C:\WINDOWS\wanmpsvc.exe
F:\Program Files\MUSICMATCH\MMDiag.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Spyware Apps\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - F:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - F:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MimBoot] F:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Reminder] F:\program files\money\System\reminder.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKCU\..\Run: [uiri] C:\PROGRA~1\COMMON~1\uiri\uirim.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [b357RgesX] lfeiop.exe
O4 - Startup: SnagIt 7.lnk = F:\Program Files\SnagIt 7\SnagIt32.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Clie`\HOTSYNC.EXE
O4 - Global Startup: America Online Tray Icon.lnk = F:\My Documents\America Online 8.0a\aoltray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\MSPUB2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://www.crcivr.co...tivexviewer.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\bStmeter.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\security suite\ewidoguard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


And here is my Spyware Doctor log file (run before the second go-through with the listed programs):
Spyware Doctor Activity Report
Generated on 6/18/2005 12:19:23 PM


Scans (basic information only):

Scan Results:
scan start: 6/18/2005 12:21:28 PM
scan stop: 6/18/2005 12:51:32 PM
scanned items: 74900
found items: 381
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner



Infection Name Location Risk
TargetSavers uiric.dll) Elevated
AdDestroyer HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AdDestroyer Medium
AdDestroyer HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AdDestroyer## Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}## Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\NumMethods Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\NumMethods## Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32 Medium
AproposMedia HKCR\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32## Medium
AproposMedia HKLM\software\autoloader Medium
AproposMedia HKLM\software\autoloader## Medium
AproposMedia HKLM\software\autoloader\AproposClient Medium
AproposMedia HKLM\software\autoloader\AproposClient## Medium
AproposMedia HKLM\software\autoloader\AproposClient##LoadUrl Medium
AproposMedia HKLM\software\autoloader\AproposClient##TempFile Medium
AproposMedia HKLM\software\autoloader\AproposClient##Parameters Medium
AproposMedia HKLM\software\autoloader\AproposClient##Attempts Medium
AproposMedia HKLM\software\autoloader\AproposClient##Trust Medium
AproposMedia HKLM\software\autoloader\AproposClient##Total Medium
AproposMedia HKLM\software\autoloader\AproposClient##Downloaded Medium
AproposMedia HKLM\software\autoloader\qz5d1aPeMKIX Medium
AproposMedia HKLM\software\autoloader\qz5d1aPeMKIX## Medium
AproposMedia HKLM\software\autoloader\qz5r1aPeMKIX Medium
AproposMedia HKLM\software\autoloader\qz5r1aPeMKIX## Medium
Bargain Buddy HKLM\SOFTWARE\eXactUtil Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil## Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil##InstallOccurUrl Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil##AlreadyInstalledUrl Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil##ETServer Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil##NewPartnerName Elevated
Bargain Buddy HKLM\SOFTWARE\eXactUtil##System Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52## Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Version Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Referer Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Unique Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-Update Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-Update Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-Update Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-UTONE6 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASIPP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASIEPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASISSRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASISS2RE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASIRCPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASICLRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-EECH1 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-SPZ3 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPMTV Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPS Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPC Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPD Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPH Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPHL Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPW Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPSP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPR Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPG Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPF Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPFIN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPFAM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPFI Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPJ Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-TMPSHOP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ZNETGP2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Delay-ASI2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Campaigns Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASI2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASI2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-EECH1 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-EECH1 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASISSRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASISSRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPC Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPC Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASIPP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASIPP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASICLRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASICLRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASIEPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASIEPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPMTV Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPMTV Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASIRCPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASIRCPRE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ZNETGP2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ZNETGP2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-UTONE6 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-UTONE6 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPSHOP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPSHOP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPG Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPG Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPD Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPD Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPJ Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPJ Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPF Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPF Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPFIN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPFIN Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPFAM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPFAM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPFI Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPFI Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPH Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPH Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPHL Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPHL Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPM Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPW Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPW Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPSP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPSP Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPR Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPR Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-ASISS2RE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-ASISS2RE Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-SPZ3 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-SPZ3 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Receipt-TMPS Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Data-TMPS Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Last Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Page Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-UTONE6 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-UTONE6 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Override Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-EECH1 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-EECH1 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-SPZ3 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-SPZ3 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-ASI2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-ASI2 Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Stamp-TMPS Elevated
BookedSpace HKLM\Software\configuration manager\cfgmgr52##Count-TMPS Elevated
Common Components for GAIN HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll Medium
Common Components Unrelated HKLM\Software\Microsoft\Windows\CurrentVersion\Run##autoupdater Medium
Elitum EliteBar (Search Miracle) HKCU\Software\LQ Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ## Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##AT Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##TM Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##U Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##AD Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##I Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##AM Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##TR Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##country Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##city Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##state Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX2.8 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX2.9 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX3.0 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX3.1 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX3.2 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##RX3.3 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##FU3.4 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##FU3.5 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##FU3.6 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##LU3.7 Elevated
Elitum EliteBar (Search Miracle) HKCU\Software\LQ##AC Elevated
Elitum EliteBar (Search Miracle) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##checkrun Elevated
Flingstone Infamous Downloader HKLM\SOFTWARE\Microsoft\Windows##infamous High
IBIS Toolbar HKLM\software\microsoft\windows\currentversion\run##viewmgr Medium
Media Access HKLM\SOFTWARE\Media Access Medium
Media Access HKLM\SOFTWARE\Media Access## Medium
Media Access HKLM\SOFTWARE\Media Access##param Medium
Media Access HKLM\SOFTWARE\Media Access##track Medium
Media Access HKLM\SOFTWARE\Media Access##LastUpdate Medium
Media Access HKLM\SOFTWARE\Media Access##reqcount Medium
Media Access HKLM\SOFTWARE\Media Access##DownloadPath Medium
Media Access HKLM\SOFTWARE\Media Access##Language Medium
Media Access HKLM\SOFTWARE\Media Access##SoftwareTable Medium
Media Access HKLM\SOFTWARE\Media Access##Request Medium
Media Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##Media Access Medium
NaviSearch HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##NaviSearch Elevated
TargetSavers HKCU\Software\tsl2 Elevated
TargetSavers HKCU\Software\tsl2## Elevated
TargetSavers HKCU\Software\tsl2##Tsl2HWND Elevated
TargetSavers HKLM\SOFTWARE\TSA Elevated
TargetSavers HKLM\SOFTWARE\TSA## Elevated
TargetSavers HKLM\SOFTWARE\TSA##NewInstall Elevated
TargetSavers HKLM\SOFTWARE\TSA\update Elevated
TargetSavers HKLM\SOFTWARE\TSA\update## Elevated
TargetSavers HKLM\SOFTWARE\TSA\update##TSVersion Elevated
Virtual Bouncer HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Virtual Bouncer Medium
Virtual Bouncer HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Virtual Bouncer## Medium
WildTangent HKCR\WildTangent.ActiveLauncher Medium
WildTangent HKCR\WildTangent.ActiveLauncher## Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CLSID Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CLSID## Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CurVer Medium
WildTangent HKCR\WildTangent.ActiveLauncher\CurVer## Medium
WildTangent HKCR\WildTangent.ActiveLauncher\Insertable Medium
WildTangent HKCR\WildTangent.ActiveLauncher\Insertable## Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1 Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1## Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\CLSID Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\CLSID## Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\Insertable Medium
WildTangent HKCR\WildTangent.ActiveLauncher.1\Insertable## Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14} Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}## Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid## Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid32 Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid32## Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib## Medium
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib##Version Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF} Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}## Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid## Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid32 Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid32## Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib## Medium
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib##Version Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E} Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}## Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0## Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0## Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0\win32 Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0\win32## Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\FLAGS Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\FLAGS## Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\HELPDIR Medium
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\HELPDIR## Medium
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls##wtControlPanel Medium
Tracking Cookie(s) deegoofy@atdmt[2].txt Medium
Tracking Cookie(s) deegoofy@linksynergy[1].txt Medium
Tracking Cookie(s) deegoofy@dcs73d8ey4twkfbrtpj35l5z1_3m1y[1].txt Medium
Tracking Cookie(s) deegoofy@atwola[1].txt Medium
Tracking Cookie(s) deegoofy@ads.pointroll[2].txt Medium
eXact Advertising deegoofy@trafficmp[1].txt Elevated
Common Components for GAIN deegoofy@belnk[2].txt Medium
Tracking Cookie(s) deegoofy@tribalfusion[2].txt Medium
Tracking Cookie(s) deegoofy@www.geekstogo[2].txt Medium
Advertising deegoofy@doubleclick[2].txt Low
Common Components for GAIN deegoofy@dist.belnk[1].txt Medium
Advertising deegoofy@casalemedia[1].txt Low
Common Components for GAIN deegoofy@ath.belnk[1].txt Medium
Tracking Cookie(s) deegoofy@2o7[1].txt Medium
Tracking Cookie(s) deegoofy@geekstogo[1].txt Medium
Advertising deegoofy@ads.addynamix[2].txt Low
Tracking Cookie(s) deegoofy@statse.webtrendslive[2].txt Medium
Advertising deegoofy@statcounter[2].txt Low
Known Bad Sites C:\Documents and Settings\Deegooofy\Favorites\online discounts\cashback by bargainbuddy america?s reward and charity network.url High
Rogue Anti-Spyware Products C:\Documents and Settings\Deegooofy\Favorites\website design\free resource for content and webmaster tools - counters, scripts, graphics, sounds, news, and more..url High
AproposMedia HKCR\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} Medium
AproposMedia HKCR\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\LocalServer32 Medium
AproposMedia HKCR\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\ProgID Medium
AproposMedia HKCR\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\VersionIndependentProgID Medium
AproposMedia HKLM\Software\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} Medium
AproposMedia HKLM\Software\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\LocalServer32 Medium
AproposMedia HKLM\Software\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\ProgID Medium
AproposMedia HKLM\Software\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\VersionIndependentProgID Medium
AproposMedia HKCR\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} Medium
AproposMedia HKCR\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 Medium
AproposMedia HKLM\Software\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} Medium
AproposMedia HKLM\Software\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 Medium
AdDestroyer C:\Documents and Settings\All Users.WINDOWS\Application Data\AdDestroyer Medium
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\cache Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\cache\348.dfn Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\cache\494.dfn Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\cache\482.dfn Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0104.dbd Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0504.ddx Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0904.ddx Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0412.ddx Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0106.ddx Elevated
DelfinProject C:\Documents and Settings\All Users.WINDOWS\Application Data\nsv\wmv0204.ddx Elevated
AproposMedia C:\Program Files\AutoUpdate Medium
AproposMedia C:\Program Files\AutoUpdate\libexpat.dll Medium
BullsEye Network C:\Program Files\BullsEye Network Elevated
BullsEye Network C:\Program Files\BullsEye Network\bin Elevated
BullsEye Network C:\Program Files\BullsEye Network\bin\bargains.exe Elevated
BullsEye Network C:\Program Files\BullsEye Network\Uninstall.exe Elevated
BullsEye Network C:\Program Files\BullsEye Network\ad.dat Elevated
BullsEye Network C:\Program Files\BullsEye Network\ub.dat Elevated
Media Access C:\Program Files\Media Access Medium
Media Access C:\Program Files\Media Access\MediaAccC.dll Medium
Media Access C:\Program Files\Media Access\MediaAccK.exe Medium
Media Access C:\Program Files\Media Access\Info.txt Medium
Media Access C:\Program Files\Media Access\MediaAccess.exe Medium
NaviSearch C:\Program Files\NaviSearch Elevated
NaviSearch C:\Program Files\NaviSearch\bin Elevated
NaviSearch C:\Program Files\NaviSearch\ad.dat Elevated
NaviSearch C:\Program Files\NaviSearch\Uninstall.exe Elevated
NaviSearch C:\Program Files\NaviSearch\ub.dat Elevated
Trojan.Abox C:\WINDOWS\ABox.exe Elevated
BookedSpace C:\WINDOWS\cfgmgr52.dll Elevated
BookedSpace C:\WINDOWS\cfgmgr52.ini Elevated
BookedSpace C:\WINDOWS\cfgmgr52 Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASI2.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\EECH1.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASISSRE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPC.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASIPP.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASICLRE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASIEPRE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPMTV.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASIRCPRE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ZNETGP2.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\UTONE6.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPSHOP.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPG.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPD.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPN.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPJ.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPF.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPFIN.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPFAM.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPFI.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPH.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPHL.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPM.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPW.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPSP.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPR.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\ASISS2RE.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\SPZ3.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\TMPS.bsx Elevated
BookedSpace C:\WINDOWS\cfgmgr52\bspace.html Elevated
Common Components for GAIN C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll Medium
Common Components for GAIN C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf Medium
Transponder.Twain-tech C:\WINDOWS\Downloaded Program Files\thin.inf High
Transponder.Alchemy C:\WINDOWS\inf\alchem.inf High
Pops Stop C:\WINDOWS\ISSM0064.DAT Elevated
Common Components for Searchmiracle items C:\WINDOWS\protector.exe Elevated
AproposMedia C:\WINDOWS\System32\auto_update_uninstall.exe Medium
AproposMedia C:\WINDOWS\System32\auto_update_uninstall.log Medium
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\bingo2.bmp High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\mail unreaded.bmp High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\star.bmp High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\weather.bmp High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\100.bin High
ILookup.Begin2Search C:\WINDOWS\System32\b2s_cache\but.bin High
eXact Advertising C:\WINDOWS\System32\bbchk.exe Elevated
ILookup.Begin2Search C:\WINDOWS\System32\dice21.ico High
eXact Advertising C:\WINDOWS\System32\exclean.exe Elevated
ILookup.Begin2Search C:\WINDOWS\System32\greenmovie2311.ico High
ILookup.Begin2Search C:\WINDOWS\System32\kill all spyware4.ico High
Bargain Buddy C:\WINDOWS\System32\msbe.dll Elevated
DelfinProject C:\WINDOWS\System32\nsvsvc Elevated
DelfinProject C:\WINDOWS\System32\nsvsvc\License.txt Elevated
ILookup.Begin2Search C:\WINDOWS\System32\poker11212.ico High
TargetSavers C:\WINDOWS\System32\tsuninst.exe Elevated
ILookup.Begin2Search C:\WINDOWS\System32\virushunter1231.ico High
PurityScan C:\WINDOWS\System32\wintask.exe Elevated
AproposMedia C:\WINDOWS\system32\cxtpls_loader.exe Medium
NaviSearch C:\WINDOWS\system32\nvms.dll Elevated
CashBack C:\WINDOWS\system32\mscb.dll Elevated
PurityScan C:\WINDOWS\system32\exp Elevated
PurityScan C:\WINDOWS\system32\exp.exe Elevated
Elitum EliteBar (Search Miracle) C:\WINDOWS\protector.exe Elevated
DelfinProject C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06172005225845169610.asw Elevated
DelfinProject C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06172005225845169860.asw Elevated
DelfinProject C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06172005225845170001.asw Elevated
DelfinProject C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06172005225845170431.asw Elevated
DelfinProject C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06172005225845170842.asw Elevated
TargetSavers C:\Program Files\Common Files\uiri\uirid\class-barrel Elevated
TargetSavers C:\Program Files\Common Files\uiri\uirid\vocabulary Elevated
TargetSavers C:\Program Files\Common Files\uiri\uirid\uiric.dll Elevated
DelfinProject C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe Elevated
Elitum EliteBar (Search Miracle) C:\Program Files\sdf.exe Elevated
TargetSavers C:\Documents and Settings\Deegooofy\Local Settings\Temporary Internet Files\Content.IE5\KHYN0XMV\affupdate[1].ini Elevated

Any help is greatly appreciated.
Thanks
Take Care
Dee

Edited by deegoofy, 18 June 2005 - 03:14 PM.



#2
Guest_usetobe_*
Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help, or are your problems resolved?

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe

#3
deegoofy
Hey Usetobe,
Yes I can still use assistance, if you can help that would be great.
I seem to have been able to get rid of some of the problems; I followed the list above and still had a problem. I now have Spyware Doctor installed, which seems to have taken care of some of the bad files but not all of them. For the past two days the only items that are getting through visually are yieldmanager and media ads, out of the blue without being on a website. There were quite a few trojans and such that seem to have disappeared, as no programs are detecting them at the moment, but they apparently left behind files. Spyware Doctor does a lot of cookie and pop-up blocking, but I would prefer to be rid of the whole mess.
Here is my latest HijackThis log I just ran.
Thanks in Advance.
Take Care
Dee

Logfile of HijackThis v1.99.1
Scan saved at 9:32:22 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
F:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
F:\Program Files\Clie`\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Spyware Apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - F:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - F:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [Spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SnagIt 7.lnk = F:\Program Files\SnagIt 7\SnagIt32.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Clie`\HOTSYNC.EXE
O4 - Global Startup: America Online Tray Icon.lnk = F:\My Documents\America Online 8.0a\aoltray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\MSPUB2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ousecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://www.crcivr.co...tivexviewer.cab
O20 - Winlogon Notify: Fonts - C:\WINDOWS\system32\bStmeter.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by deegoofy, 23 June 2005 - 07:42 PM.


#4
Guest_usetobe_*
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#5
deegoofy
Usetobe,
I went to Windows Update and it showed no Service Pack 1a (or Service Pack 4) available for my system; it did show several security updates (17) since my last visit, one being the malicious software removal tool dated June 2005. But nothing as far as a service pack.
I downloaded what was available for me, and here is my new HijackThis log file.

#6
Guest_usetobe_*
No HJT log posted; however, please carry out the procedure below.

*Please go here: http://www.howtotell.com (Microsoft website) using Internet Explorer (not Firefox or any other browser, as they won't work)
*Click on "Windows Validation Assistant"
*Click on the "Validate Now" button.
*Be patient while the ActiveX loads; do not click on any links.
*Read the instructions on this page while it's loading. You will be prompted to install - click YES.
*Enter your product key, then click "Continue"
*When it says "Validation Complete", please click "Continue to return to your previous activity"
*Copy what it says and paste it here.

#7
deegoofy
Forgot to post the HijackThis log file.
Here it is.
The link you gave me won't accept the product key I gave it.
What should I do now?
Thanks
Dee
Logfile of HijackThis v1.99.1
Scan saved at 10:42:04 AM, on 6/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
F:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
F:\Program Files\Clie`\HOTSYNC.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
F:\Program Files\Spyware Apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - F:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - F:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [Spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SnagIt 7.lnk = F:\Program Files\SnagIt 7\SnagIt32.exe
O4 - Startup: HotSync Manager.lnk = F:\Program Files\Clie`\HOTSYNC.EXE
O4 - Global Startup: America Online Tray Icon.lnk = F:\My Documents\America Online 8.0a\aoltray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\MSPUB2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119616893620
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://www.crcivr.co...tivexviewer.cab
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\bStmeter.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
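The entries a helper would circle in the log above are the O4 Run lines whose entry names are GUIDs or hex blobs, whose command is rundll32 loading a DLL by bare name or by a name that looks generated (E6F1873B.DLL, D0CE0C16B1), executables autostarting straight from System32, and an O20 Winlogon Notify package that is not one of the defaults. The following Python script is an added example, not code from the thread or from HijackThis: it parses those two line types from the log lines copied above and applies exactly those heuristics. The allowlist of default XP notify packages is abbreviated, and the scoring rules are this example's own assumptions rather than HijackThis logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# HijackThis lines copied from the log posted above (sample data for the parser,
# not a live scan). TkBellExe and Spyware Doctor are the known-good control cases.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [Spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\bStmeter.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r"^rundll32(\.exe)?$", re.IGNORECASE)
# A GUID (braces optional) or a run of eight or more hex digits: names a human did not choose.
GENERATED_NAME_RE = re.compile(
    r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$|^[0-9A-Fa-f]{8,}$")
# Winlogon notification packages on a default Windows XP install (abbreviated allowlist,
# an assumption of this example); anything else is loaded into winlogon at every logon.
XP_NOTIFY_DEFAULTS = {n.lower() for n in (
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon")}


@dataclass
class Finding:
    entry: str
    reasons: list[str] = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Return (program, arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    prog, _, rest = cmd.partition(" ")
    return prog, rest


def check_o4(name: str, cmd: str) -> list[str]:
    """Heuristics for one Run-key entry; an empty list means nothing stood out."""
    reasons = []
    if GENERATED_NAME_RE.match(name):
        reasons.append("entry name is a GUID/hex blob rather than a product name")
    prog, args = split_command(cmd)
    prog_base = prog.rsplit("\\", 1)[-1]
    if RUNDLL_RE.match(prog_base):
        dll, _, export = args.partition(",")
        dll = dll.strip()
        if "\\" not in dll:
            reasons.append(f"rundll32 loads '{dll}' by bare name, resolved through the DLL search path")
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if GENERATED_NAME_RE.match(stem):
            reasons.append(f"DLL name '{stem}' looks randomly generated")
        if export.strip() and export.strip().lower() == stem.lower():
            reasons.append("export name equals the DLL name (typical of generated droppers)")
    elif "\\windows\\system32\\" in prog.lower():
        reasons.append(f"autostart executable lives in System32 rather than a vendor directory: {prog_base}")
    return reasons


def check_o20(name: str, path: str) -> list[str]:
    if name.lower() in XP_NOTIFY_DEFAULTS:
        return []
    return [f"Winlogon Notify package '{name}' is not a default XP package; loads {path} at logon"]


def triage(log: str) -> list[Finding]:
    """Parse O4 and O20 lines and return only the entries with at least one reason."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            key, reasons = m["name"], check_o4(m["name"], m["cmd"])
        elif m := O20_RE.match(line):
            key, reasons = "O20:" + m["name"], check_o20(m["name"], m["path"])
        else:
            continue
        if reasons:
            findings.append(Finding(key, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("   -", r)
```

Run against the embedded lines, the two vendor entries produce no finding, the three generated-name rundll32 entries accumulate two to four reasons each, and the Winlogon Notify line is flagged because RunOnce is not a package Windows installs. The heuristics are deliberately narrow; they sort a log for a human reader rather than decide anything on their own.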

#8
Guest_usetobe_*
While we understand that you may not have been aware, your copy of Windows may not be legitimate.

Unfortunately, we are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitimate copies of Windows.

In the event that you hold a legitimate copy of Windows, please take the matter up with the system vendors.

Thank you for understanding.

#9
deegoofy
Usetobe,
It didn't say anything about being not legitimate.
My pc was purchased from a computer store.
Would there be any reason to believe it was unusable?
And you can't help me with the removal?
Thanks Anyway
Dee

#10
Guest_usetobe_*
Hi Dee,

The link I gave you takes you to Microsoft's product verification page.

If it does not accept the product key, that is an indication that the key is invalid.

If you follow this link and can upgrade to SP2, carry out a new HJT scan and post the log back, which indicates a successful upgrade; then I can help you.

SP2

#11
Guest_usetobe_*
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.