Smithfraud (I think?) [RESOLVED]


  • This topic is locked

#136
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Please UNINSTALL SpyCatcher from your Add/Remove Programs Console. Its reliability is in doubt. Trust me. I will provide you with effective alternatives when we are finished.

B. For the messenger popups, please do the following:

1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
2. Double-click Administrative Tools.
3. Double-click Services.
4. Double-click Messenger.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK.

C. Now I want you to Run HJT, Scan and place a checkmark beside the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

With all windows closed, click Fix Checked and EXIT HJT.

D. REBOOT your system

E. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0
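As an added example (not code from this thread or from the HijackThis project): a small Python parser for the "Rn - ..." / "On - ..." entry lines of a HijackThis log, used the way a helper re-checks a follow-up log: confirm the two R1 items requested above are gone, list the O4 autostart entries that remain, and find any entries still referencing the program that was to be uninstalled. The two sample logs are constructed from lines quoted in this thread.

```python
"""HijackThis log checker (added example; not code from this thread or from
the HijackThis project). Parses the "Rn - ..." / "On - ..." entry lines and
re-checks that items a helper asked to 'Fix checked' are gone from the
follow-up log. Sample logs below are constructed from lines quoted in the thread."""
import re
from dataclasses import dataclass

# Entry lines start with a section code (R0, R1, O2, O4, O16, ...) then " - ".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "R1", "O4", "O16"
    body: str     # everything after "Rn - "

    def line(self) -> str:
        return f"{self.section} - {self.body}"


def _norm(s: str) -> str:
    """Collapse whitespace so copied/pasted fix lines compare reliably."""
    return " ".join(s.split())


def parse_hjt_log(text: str) -> list[Entry]:
    """Return the Rn/On entries of a HijackThis log in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), _norm(m.group("body"))))
    return entries


def remaining_fixes(log_text: str, requested: list[str]) -> list[str]:
    """Return the requested fix lines that still appear in log_text."""
    present = {e.line() for e in parse_hjt_log(log_text)}
    return [r for r in requested if _norm(r) in present]


def autostart_entries(log_text: str) -> list[Entry]:
    """O4 entries: Run keys and Startup-folder items that launch at logon."""
    return [e for e in parse_hjt_log(log_text) if e.section == "O4"]


def entries_mentioning(log_text: str, needle: str) -> list[Entry]:
    """Entries whose body contains needle (case-insensitive), e.g. a product name."""
    return [e for e in parse_hjt_log(log_text) if needle.lower() in e.body.lower()]


# The two R1 items the helper asked to fix (quoted from post #136).
REQUESTED_FIXES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com",
]

# Constructed "before" log: the requested items are still present.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
"""

# Constructed "after" log: a subset of the lines posted in #138.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:59:15 PM, on 7/28/2005
Running processes:
D:\WINDOWS\System32\smss.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""

if __name__ == "__main__":
    for name, log in (("before", OLD_LOG), ("after", NEW_LOG)):
        left = remaining_fixes(log, REQUESTED_FIXES)
        print(f"{name}: {len(left)} requested fix(es) still present")
    for e in autostart_entries(NEW_LOG):
        print("autostart:", e.body)
    for e in entries_mentioning(NEW_LOG, "SpyCatcher"):
        print("still references SpyCatcher:", e.line())
```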


#137
Summer_24

    Member

  • Topic Starter
  • 114 posts
Here is this info; not sure if you wanted to see it... but I am now going to run the MWav log for you and will post back with it in a bit.

CleanUp! started on 07/28/05 20:59:01.
...
Emptied Recycle Bin on drive D:
'Run MRU' list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 242.2 MB of disk space from 2869 files.
CleanUp! finished on 07/28/05 21:15:39.

Edited by Summer_24, 28 July 2005 - 08:19 PM.

  • 0

#138
Summer_24

    Member

  • Topic Starter
  • 114 posts
Here's my HJT log, I am still running the MWav scan, and will post back with that later. Thanks,
Summer


Logfile of HijackThis v1.99.1
Scan saved at 10:59:15 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Hijackthis\HijackThis.exe
D:\WINDOWS\System32\imapi.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121549626671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
  • 0

#139
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Here is the MWav scan you asked for!

File D:\Documents and Settings\Summer\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03B1C4D9-BC71-8916-38AD-9DEA5D213614}" refers to invalid object "D:\WINDOWS\System32\rch.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}" refers to invalid object "D:\WINDOWS\System32\trf32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{203B1C4D9-BC71-8916-38AD-9DEA5D213614}" refers to invalid object "D:\WINDOWS\System32\bre.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC54B24C-5A97-4C19-9181-8B8A05B2E931}" refers to invalid object "D:\WINDOWS\System32\nsj6C.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BD9584EF-C28C-4F6D-8D49-0CEE3C0E442F}" refers to invalid object "D:\WINDOWS\System32\nsj6C.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF231BE2-D7C9-406A-B047-58C3993C1E11}" refers to invalid object "vr_sys.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7888681-1A83-4C14-B9A5-95F91240B44F}" refers to invalid object "D:\WINDOWS\System32\nsj6C.dll". Action Taken: No Action Taken.
Entry "HKCR\btnetw.ohb" refers to invalid object "{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}". Action Taken: No Action Taken.
Entry "HKCR\btnetw.ohb.1" refers to invalid object "{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}". Action Taken: No Action Taken.
Entry "HKCR\LowSol.RichEditor" refers to invalid object "{F79A2C4B-8776-4ED7-8B2F-4786A4A3500A}". Action Taken: No Action Taken.
Entry "HKCR\LowSol.RichEditor.1" refers to invalid object "{F79A2C4B-8776-4ED7-8B2F-4786A4A3500A}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX.1" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WFAFO1CF\silent_install[1].exe tagged as "not-a-virus:AdWare.ToolBar.EliteBar.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mshpeb.dll tagged as "not-a-virus:AdWare.WebSearch.c". Action Taken: No Action Taken.
File C:\WINDOWS\system32\msnapl.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe tagged as "not-a-virus:AdWare.WebRebates.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\msacm324.exe.tcf tagged as "not-a-virus:AdWare.IEDriver.a". Action Taken: No Action Taken.
File C:\WINDOWS\Temp\setup.exe tagged as "not-a-virus:AdWare.IEDriver.a". Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
File C:\WINDOWS\2020install.exe tagged as "not-a-virus:AdWare.ToolBar.IeSearchBar.b". Action Taken: No Action Taken.
File C:\Documents and Settings\summer\Local Settings\Temp\bar.exe tagged as "not-a-virus:AdWare.ToolBar.IeSearchBar". Action Taken: No Action Taken.
File C:\Documents and Settings\summer\Local Settings\Temp\ss_cdt_setup.exe tagged as "not-a-virus:AdWare.Sidesearch.e". Action Taken: No Action Taken.
File C:\Documents and Settings\sarah\Local Settings\Temp\uninstall.exe tagged as "not-a-virus:AdWare.ToolBar.EliteBar.d". Action Taken: No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\GMT\GUninstaller.exe tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
File C:\Program Files\CxtPls\WinGenerics.dll.tcf tagged as "not-a-virus:AdWare.Apropos.f". Action Taken: No Action Taken.
File C:\Program Files\STC\sahagent-icmedia1002.exe.tcf tagged as "not-a-virus:AdWare.Sahat.a". Action Taken: No Action Taken.
File C:\Program Files\STC\bs5-vmk1.exe tagged as "not-a-virus:AdWare.BookedSpace.b". Action Taken: No Action Taken.
File C:\Program Files\PrecisionTime\PTUninstaller.exe tagged as "not-a-virus:AdWare.Gator.6040". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP199\A0107770.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP199\A0107774.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP199\A0109939.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP199\A0110212.dll.tcf tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP205\A0117941.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP205\A0120036.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP205\A0120031.dll.tcf tagged as "not-a-virus:AdWare.F1Organizer.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP191\A0104879.EXE.tcf tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP198\A0107743.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP200\A0110377.exe tagged as "not-a-virus:AdWare.SaveNow.s". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP200\A0110378.dll tagged as "not-a-virus:AdWare.SaveNow.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP203\A0114773.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP206\A0124101.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP208\A0125125.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP214\A0126417.dll tagged as "not-a-virus:AdWare.ClientMan". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP215\A0131580.dll tagged as "not-a-virus:AdWare.ToolBar.404Search.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP215\A0132589.dll tagged as "not-a-virus:AdWare.TotalVelocity.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP215\A0132590.dll tagged as "not-a-virus:AdWare.TotalVelocity.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP216\A0139651.exe.tcf tagged as "not-a-virus:AdWare.IEDriver.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP217\A0139694.dll tagged as "not-a-virus:AdWare.TotalVelocity.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP217\A0139695.dll tagged as "not-a-virus:AdWare.TotalVelocity.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP218\A0141215.exe.tcf tagged as "not-a-virus:AdWare.WebRebates.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP218\A0141216.exe.tcf tagged as "not-a-virus:AdWare.HelpExpress". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{235B0007-D5EC-4511-9B60-18534F99342D}\RP51\A0005383.exe.tcf tagged as "not-a-virus:AdWare.Apropos.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{235B0007-D5EC-4511-9B60-18534F99342D}\RP51\A0005386.dll.tcf tagged as "not-a-virus:AdWare.Apropos.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{235B0007-D5EC-4511-9B60-18534F99342D}\RP51\A0005406.dll.tcf tagged as "not-a-virus:AdWare.Apropos.e". Action Taken: No Action Taken.
File C:\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File D:\Program Files\Norton AntiVirus\Quarantine\1AD93AD7.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
File D:\Program Files\Norton AntiVirus\Quarantine\25253461.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
File D:\Program Files\Norton AntiVirus\Quarantine\6CCB1D7D.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
File D:\Program Files\Norton AntiVirus\Quarantine\7306189A.exe tagged as "not-a-virus:AdWare.WebSearch.an". Action Taken: No Action Taken.
  • 0

#140
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Good work Summer,

1. I now want you to DELETE the following files/ folders with all their content:

D:\Documents and Settings\Summer\Desktop\l2mfix<===Folder
D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
D:\WINDOWS\System32\rch.dll
D:\WINDOWS\System32\trf32.dll
D:\WINDOWS\System32\bre.dll
D:\WINDOWS\System32\nsj6C.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WFAFO1CF<===Folder
C:\WINDOWS\system32\mshpeb.dll
C:\WINDOWS\system32\msnapl.dll
C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe
C:\WINDOWS\system32\msacm324.exe
C:\WINDOWS\eZinstall.exe
C:\WINDOWS\2020install.exe
C:\WINDOWS\Temp<===Not the folder but the content
C:\Documents and Settings\sarah\Local Settings\Temp<==Not the folder but the content.
C:\Program Files\CxtPls<===Folder
C:\Program Files\STC<===Folder

2. Once these have been DELETED, please REBOOT your system into Safe Mode.

3. Run EWIDO in Safe MODE as well as Ad-Aware.

4. REBOOT back into Normal Mode

5. Tell me if the procedures I gave you have fixed the messenger popups.

6. Tell me if there are any other strange things happening to your system.

7. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0
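An added example, not code from this thread or from the MWav tool, of the sorting Trevuren did by hand when he turned the MWav log above into his deletion list: it parses the three kinds of lines in that output, separates live file hits from restore-point copies (which only resetting System Restore clears, as the closing post says) and lists registry entries that point at files that are already gone. The sample lines are copied from the posted log; the regular expressions are my reading of the format, not a documented MWav specification.

```python
import re
from collections import Counter

# Constructed sample in the MWav format seen in this thread: a handful of the
# posted lines reproduced verbatim. The real log has many more of each kind.
SAMPLE_LOG = r"""
File D:\Documents and Settings\Summer\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC54B24C-5A97-4C19-9181-8B8A05B2E931}" refers to invalid object "D:\WINDOWS\System32\nsj6C.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7888681-1A83-4C14-B9A5-95F91240B44F}" refers to invalid object "D:\WINDOWS\System32\nsj6C.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mshpeb.dll tagged as "not-a-virus:AdWare.WebSearch.c". Action Taken: No Action Taken.
File C:\WINDOWS\Temp\setup.exe tagged as "not-a-virus:AdWare.IEDriver.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP199\A0107770.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{66783AE0-D228-45B1-B07B-87ECDBEA3460}\RP216\A0139651.exe.tcf tagged as "not-a-virus:AdWare.IEDriver.a". Action Taken: No Action Taken.
"""

# The log quotes AdWare tags but leaves Tool.* tags bare, so the quotes are
# optional. These patterns are an assumption about the format, derived from
# the lines in the thread, not from any MWav documentation.
FILE_RE = re.compile(
    r'^File (?P<path>.+?) tagged as "?(?P<tag>[^"\s]+?)"?\. '
    r'(?:Action Taken: )?No Action Taken\.$')
ENTRY_RE = re.compile(
    r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<obj>[^"]+)"\. '
    r'Action Taken: No Action Taken\.$')
OBJECT_RE = re.compile(
    r'^Object "(?P<name>[^"]+)" found in File System! '
    r'Action Taken: No Action Taken\.$')

# Hits under this folder are System Restore snapshots of files already dealt
# with; no scanner can remove them, only resetting System Restore does.
RESTORE_MARKER = r"\System Volume Information\_restore".lower()


def parse_mwav(text):
    """Split an MWav log into file hits, dangling registry entries and objects."""
    findings = {"files": [], "entries": [], "objects": [], "unparsed": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            findings["files"].append((m["path"], m["tag"]))
        elif m := ENTRY_RE.match(line):
            findings["entries"].append((m["key"], m["obj"]))
        elif m := OBJECT_RE.match(line):
            findings["objects"].append(m["name"])
        else:
            findings["unparsed"].append(line)  # surface anything the regexes miss
    return findings


def family(tag):
    """'not-a-virus:AdWare.ToolBar.MyWebSearch' -> 'AdWare.ToolBar'."""
    name = tag.split(":", 1)[-1]
    return ".".join(name.split(".")[:2])


def triage(findings):
    """Sort the findings the way a helper does when drafting a cleanup list."""
    live, restore = [], []
    for path, tag in findings["files"]:
        bucket = restore if RESTORE_MARKER in path.lower() else live
        bucket.append((path, tag))
    # A key that "refers to invalid object" is a leftover: the file is gone but
    # the registration remains. Count how many keys still point at each target.
    missing = Counter(obj for _, obj in findings["entries"])
    return {
        "families": Counter(family(tag) for _, tag in findings["files"]),
        "live_files": live,              # candidates for manual deletion
        "restore_point_files": restore,  # cleared by resetting System Restore
        "missing_targets": dict(missing),
    }


def report(text):
    """Render the triage as lines of text and return them."""
    t = triage(parse_mwav(text))
    out = ["Detections by family: " + ", ".join(
        f"{k}={v}" for k, v in sorted(t["families"].items()))]
    out.append("Live files to review:")
    out += [f"  {p}  [{tag}]" for p, tag in t["live_files"]]
    out.append("Restore-point copies (reset System Restore to clear): "
               f"{len(t['restore_point_files'])}")
    out.append("Registry entries pointing at missing files:")
    out += [f"  {obj}  (referenced by {n} key(s))"
            for obj, n in sorted(t["missing_targets"].items())]
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```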

#141
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
I was able to find and delete everything except for:
D:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
D:\WINDOWS\System32\rch.dll
D:\WINDOWS\System32\trf32.dll
D:\WINDOWS\System32\bre.dll
D:\WINDOWS\System32\nsj6C.dll


I did find folders that had rch32.dll and bre32.dll though, should I delete those or leave them? What should I do next? Would you just like me to leave them be and carry on with going into safe mode?

I just found the Downloaded Program Files folder but the only things listed in it are:
Shockwave Flash Object
LSSupCTl Class
HouseCall Control
CKAVWebScan Object
ActiveScan Installer Class
ActiveData Info Class
WUWebControl Class

Edited by Summer_24, 30 July 2005 - 01:18 PM.

  • 0

#142
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please DELETE both of the following files as they are trojan downloaders:

rch32.dll and bre32.dll

2. Then please continue


Regards,


Trevuren

  • 0

#143
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 114 posts
Alright, both of those are deleted and I will run the EWIDO and Ad-Aware scan now and post back later.
  • 0

#144
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Go get 'em Summer


Trevuren
  • 0

#145
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
I haven't noticed any of the popups I had been having trouble with a few days ago. I think we took care of the problem!! Here's the new HJT log....

Logfile of HijackThis v1.99.1
Scan saved at 3:57:45 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121549626671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Edited by Summer_24, 30 July 2005 - 02:59 PM.

  • 0


#146
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
1. Right-click "My Computer", and then left click "Properties".
2. Left click on "System Restore Tab"
3. Check box beside "Turn Off System Restore"
4. Left click on "Apply"

TO ENABLE SYSTEM RESTORE
1.Remove check mark from "Turn Off System Restore"
2.Click on "Apply"

2. Cleanup the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


3. Finally, Re-hide your System Files and Folders to prevent any future accidents.


Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0

#147
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Thanks for all those preventative tools, I will definitely download and install them! Do you have any suggestions for me as far as antivirus programs go? I am not having much luck reinstalling my Norton.
Also, what should I do with all the items I downloaded to my desktop to help fix and clean up all the infections on my computer? Should I just leave them, there's a lot of them?
And one more little picky thing...I still have that icon downloaded to my desktop that has a picture of a girl's face on it and reads "Free XXX" underneath it, when I try to right click and delete it, it says you can only delete it from the add/remove programs...but I don't see anything with "Free XXX" in the add/remove programs box.
Thanks for the advice.

Edited by Summer_24, 30 July 2005 - 03:16 PM.

  • 0

#148
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I am not permitted to endorse one product over another but I can tell you that I use Kaspersky.


Trevuren
  • 0

#149
Summer_24

Summer_24

    Member

  • Topic Starter
  • Member
  • 114 posts
Ok, that's cool...should I leave all of those icons on my desktop or is it ok to delete them?
  • 0

#150
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
DELETE any icon that you don't want.

I am closing the thread as our business is done. It was lengthy but we both learned a lot.


Trevuren
  • 0





