Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Getting rid of search180/bargain/powerscan [RESOLVED]

Started by richardparker , Jul 26 2005 01:25 AM

  • This topic is locked This topic is locked

#1
richardparker
Posted 26 July 2005 - 01:25 AM

richardparker

    Member

  • Member
  • PipPip
  • 23 posts
Basically i have had all these things on the computer for a while and keep running ad-aware, spybot, ccleaner, hijack this along with a few others but they keep coming back...ive deleated a few files which I thought were involved and sometimes it might stay away for a day or so but then it comes back with avengence...i have attached log files from adaware and hijack this below...like i said this is within a day as I ran and supposedly got rid of everything yesterday...
help much appreciated...thanks


Ad-Aware SE Build 1.06r1
Logfile Created on:26 July 2005 08:06:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R56 21.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):34 total references
BargainBuddy(TAC index:8):80 total references
DyFuCA(TAC index:3):91 total references
Hijacker.TopConverting(TAC index:5):1 total references
istbar(TAC index:7):29 total references
MicroGaming(TAC index:4):1 total references
MRU List(TAC index:0):2 total references
Other(TAC index:5):13 total references
Possible Browser Hijack attempt(TAC index:3):7 total references
Powerscan(TAC index:5):9 total references
SideFind(TAC index:5):36 total references
Surfaccuracy(TAC index:5):2 total references
Tracking Cookie(TAC index:3):6 total references
YourSiteBar(TAC index:6):13 total references
Zango(TAC index:6):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-07-2005 08:06:48 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1078145449-1708537768-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 712
ThreadCreationTime : 25-07-2005 16:24:03
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 25-07-2005 16:24:04
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 25-07-2005 16:24:05
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 25-07-2005 16:24:05
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 25-07-2005 16:24:05
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 25-07-2005 16:24:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1232
ThreadCreationTime : 25-07-2005 16:24:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1304
ThreadCreationTime : 25-07-2005 16:24:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1552
ThreadCreationTime : 25-07-2005 16:24:09
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1608
ThreadCreationTime : 25-07-2005 16:24:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [wlancfg5.exe]
FilePath : C:\Program Files\NETGEAR MA521 Adapter\
ProcessID : 1828
ThreadCreationTime : 25-07-2005 16:24:11
BasePriority : Normal
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : ClientCU Application
InternalName : ClientCU
LegalCopyright : Copyright © 2003

#:12 [partypoker.exe]
FilePath : C:\Program Files\PartyPoker\
ProcessID : 536
ThreadCreationTime : 26-07-2005 05:58:32
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : PartyPoker.com client
CompanyName : iGlobalMedia.com
FileDescription : PartyPokerClient Application
InternalName : PartyPoker client program
LegalCopyright : Copyright © 2001
OriginalFilename : PartyPoker.exe

#:13 [poker.exe]
FilePath : C:\Program Files\Betfair Poker\
ProcessID : 3800
ThreadCreationTime : 26-07-2005 06:06:15
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Poker Module
CompanyName : WagerLogic
FileDescription : Poker Module
InternalName : Poker
LegalCopyright : Copyright © WagerLogic 1997-2002
OriginalFilename : Poker.EXE

#:14 [istsvc.exe]
FilePath : C:\Program Files\ISTsvc\
ProcessID : 4072
ThreadCreationTime : 26-07-2005 06:30:01
BasePriority : Normal


#:15 [rmhidmx.exe]
FilePath : C:\WINDOWS\
ProcessID : 1640
ThreadCreationTime : 26-07-2005 06:30:01
BasePriority : Normal


istbar Object Recognized!
Type : Process
Data : rmhidmx.exe
TAC Rating : 7
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! istbar Object found in memory(C:\WINDOWS\rmhidmx.exe)

"C:\WINDOWS\rmhidmx.exe"Process terminated successfully
"C:\WINDOWS\rmhidmx.exe"Process terminated successfully

#:16 [sacc.exe]
FilePath : C:\Program Files\SurfAccuracy\
ProcessID : 1764
ThreadCreationTime : 26-07-2005 06:30:25
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SAcc Application
InternalName : SAcc
LegalCopyright : Copyright © 2004
OriginalFilename : SAcc.EXE

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 26-07-2005 06:43:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2868
ThreadCreationTime : 26-07-2005 07:06:25
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21b4acc4-8874-4aec-aeac-f567a249b4d4}

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21b4acc4-8874-4aec-aeac-f567a249b4d4}
Value : AppID

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b178417-3cda-444f-94ff-312c0a3a78a8}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncmyb.sabho

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncmyb.sabho.1

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{68bf4626-d66b-4383-a6af-62e57e9b6cd4}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj.1

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

YourSiteBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}

YourSiteBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}

YourSiteBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\ist
Value : config

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\avenue media

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{21b4acc4-8874-4aec-aeac-f567a249b4d4}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : Binary

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SoftwareUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPath

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SliderLegalText

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPort

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryFailedDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : AdvDelaySec

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TrackingFileFlag

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : RestartADPDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TimeOutInterval

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SystemInstallTime

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TempUniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : IdleMinutesThreshold

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinMinutesBetweenTwoADs

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDomainCap

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinCountOfUrlsBetweenTwoADs

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDailyCapPerUSer

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastQueryTime

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastADPRestart

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : last_conn_l

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : we

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : cdata

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : TimeOffset

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : geourl_current_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : geourl_last_full_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : actionurl_current_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : actionurl_last_full_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : keyword_current_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : keyword_last_full_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : recent_shown

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : key_int_high

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\sais
Value : key_int_low

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : duid

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : partner_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : product_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : umt

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gma

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gvi

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gpi

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : boom

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : boom_ver

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-1078145449-1708537768-1003\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data
  • 0

Advertisements

#2
richardparker
Posted 26 July 2005 - 01:28 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
think it has cut some off the bottom so here is the hijack this log again...

Logfile of HijackThis v1.99.1
Scan saved at 08:24:31, on 26/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
C:\Program Files\PartyPoker\PartyPoker.exe
C:\Program Files\Betfair Poker\Poker.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [gbABCG] C:\WINDOWS\rmhidmx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [qxsv] C:\WINDOWS\qxsv.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...b_ringtones.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#3
Guest_usetobe_*
Posted 26 July 2005 - 04:47 AM

Guest_usetobe_*
  • Guest
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#4
richardparker
Posted 26 July 2005 - 06:15 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
thanks for that...have done that and the following is still happening:
when i open the computer it opens int explorer at the below page
http://217.170.4.137..._bin/index.html
and also
http://network.aptim...html&country=GB


it has also installed powerscan on my pc
then other web pages will come up and
a 'windows' message saying 'windows cannot find m.bat'
(sorry dont understand that other than that its a batch file...should it be there?

anyway...to the problem in hand...i think it is the edit.exe file that I cannot get rid of that may be causing the problem though i cant find it...!?!?!?!? maybe not?

hijack this below

Logfile of HijackThis v1.99.1
Scan saved at 13:04:07, on 26/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Look forward to hearing from you...thanks again

PS in interim I have run all the following but still no joy:
cleanup
ad-wareSE
cwshredder
spybot
ewido
trend housecall
trojan hunter
...and windows update
  • 0

#5
Guest_usetobe_*
Posted 26 July 2005 - 06:19 AM

Guest_usetobe_*
  • Guest
Surely that isn't the full HJT scan.
Please rescan PC in normal mode and post the log back
  • 0

#6
richardparker
Posted 26 July 2005 - 07:23 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
that was it after i had fixed the stuff that could be fixed...this is it now...

Scan saved at 14:21:39, on 26/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vomtvxw.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\lprfat.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\switpa.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [Z7G85FERB] C:\WINDOWS\vomtvxw.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\TEMP\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [332U3pO] lprfat.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [bvùõš/‚²ÆßfÏNb­»1C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\vomtvxw.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...b_ringtones.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#7
Guest_usetobe_*
Posted 26 July 2005 - 01:17 PM

Guest_usetobe_*
  • Guest
Do you have any antivirus software, it doesn't appear to be running. If you don't have any let me know and i can point you in the right direction for a good free one, then we can get on with the fix.
  • 0

#8
richardparker
Posted 27 July 2005 - 02:39 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
thanks, no i dont have virus programme running-should i?? does it slow computer down a lot?? I installed the symmatic programme on a trial recently to check for virus but trial ran out so uninstalled...
if u think it is good idea then yes would be good to get reccomendation of virus checker...thanks again.
  • 0

#9
Guest_usetobe_*
Posted 27 July 2005 - 03:09 AM

Guest_usetobe_*
  • Guest
An anti virus program is absolutely ESSENTIAL!!!

you will not notice any significant difference in pc performance, and you will be protected from the sort of infection you

Please click on the link below and download and install AVG antivirus. Carry out a full scan then rescan with HJT and post a new log back.

AVG

Ensure you DO NOT click on Trial version.
  • 0

#10
richardparker
Posted 27 July 2005 - 05:03 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:02:27, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Betfair Poker\Poker.exe
C:\Program Files\Betfair Poker\UA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

thanks
  • 0

Advertisements

#11
Guest_usetobe_*
Posted 27 July 2005 - 05:07 AM

Guest_usetobe_*
  • Guest
Each HJT log seems to have les and less on it....are you removing things yourself?
  • 0

#12
richardparker
Posted 27 July 2005 - 05:52 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i have in the past - ie from the 1st one i sent but not recently...though have run diffs programs to assist including the virus checker as u suggested...i have run hjk this again and log is below - i have not deleated anything

Logfile of HijackThis v1.99.1
Scan saved at 12:51:07, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Betfair Poker\Poker.exe
C:\Program Files\Betfair Poker\UA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#13
Guest_usetobe_*
Posted 27 July 2005 - 06:15 AM

Guest_usetobe_*
  • Guest
OK here we go.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Please download Cleanup from here:
Cleanup. Do not run it yet.

Set up PC to show hidden files.(Click link if you do not know how)
Show hidden files

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find .hexadecimal (HexadecimaRepresentation)
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

After Cleanup! is finished:
  • Run Ewido.
    Click on full system scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report[list]
[*]Click Save report
[*]Save the report to your desktop
[*]Exit Ewido

Now scan with HJT and check the following entries if they still exist:

O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner - C:\WINDOWS\Edit.exe (file missing)

Ensure no windows open except HJT and click fix checked

Using windows explorer locate and delete the following file if found

C:\WINDOWS\Edit.exe

Now reboot pc normally.

Run this online virus scan: ActiveScan - Save the results from the scan!

Rescan with HJT and post the log back, with the ewido and panda logs.
  • 0

#14
richardparker
Posted 28 July 2005 - 12:45 AM

richardparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
thanks for that...pls find below the logs as requested though cannot find edit.exe any more (which i think is a good thing)

HjT

Logfile of HijackThis v1.99.1
Scan saved at 07:41:16, on 28/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR MA521 Adapter\wlancfg5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:51:30, 27/07/2005
+ Report-Checksum: 72BA9059

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\3wte1dTROZLJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\3wto1dTROZLJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\WINDOWS\ra.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup


::Report End



Incident Status Location

Adware:adware/imgiant No disinfected C:\WINDOWS\INF\adrmimg.inf
Adware:adware/atlas No disinfected C:\WINDOWS\switpc.dat
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Spyware:spyware/lowzones No disinfected C:\WINDOWS\update-sp3.html
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/apropos No disinfected C:\PROGRAM FILES\Aprps
Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\Going Places
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Adware:adware/elitebar No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/V3.DLL
Adware:adware/delfinmedia No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL
Spyware:spyware/bargainbuddy No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BARGAINBUDDY
Spyware:spyware/dyfuca No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
Spyware:spyware/istbar No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC
Adware:adware/mediatickets No disinfected HKEY_CLASSES_ROOT\Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}
Adware:Adware/MediaTickets No disinfected C:\26h1w9k.exe[update-sp3.html]
Adware:Adware/MediaTickets No disinfected C:\26h1w9k.exe[update-sp5.html]
Virus:Trj/Lowzones.IK No disinfected C:\26h1w9k.exe[ra.reg]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Virus:Trj/Downloader.DSJ Disinfected C:\WINDOWS\a776a8.js
  • 0

#15
Guest_usetobe_*
Posted 28 July 2005 - 03:24 PM

Guest_usetobe_*
  • Guest
Copy and paste the following filepaths into notepad ans save it to desktop.

C:\WINDOWS\INF\adrmimg.inf
C:\WINDOWS\switpc.dat
C:\WINDOWS\unstall.exe
C:\WINDOWS\update-sp3.html
C:\WINDOWS\usta33.ini
C:\PROGRAM FILES\Aprps
C:\PROGRAM FILES\SurfAccuracy
C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\Going Places
C:\26h1w9k.exe[update-sp3.html]
C:\26h1w9k.exe[update-sp5.html]
C:\26h1w9k.exe[ra.reg]
C:\Program Files\Aprps\ProxyStub.dll

* Please download the http://www.bleepingc...es/killbox.php]Killbox by Option^Explicit[/url]. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/V3.DLL] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BARGAINBUDDY] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER] 

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC] 

[-HKEY_CLASSES_ROOT\Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

Reboot your computer into safe mode

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Rescan with HJT and post the log back
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP