Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New Poly Win32 [RESOLVED]


  • This topic is locked This topic is locked

#1
hacim

hacim

    Member

  • Member
  • PipPip
  • 20 posts
I ran ewido, adaware, and hijack this to try and fix my problem. I know absolutely nothing about computers, so i'm hoping you can help me step by step.

Ewido report:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:04:49 AM, 8/23/2005
+ Report-Checksum: AC2DFAEE

+ Scan result:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2458204500-60383573-2175944406-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2458204500-60383573-2175944406-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-2458204500-60383573-2175944406-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-2458204500-60383573-2175944406-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
[1376] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
[4792] VM_04060000 -> Adware.BetterInternet : Error during cleaning
[4420] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[3652] C:\WINDOWS\system32\akhitge.exe -> Trojan.Agent.cp : Cleaned with backup
[2828] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[5948] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[4176] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[2224] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[2592] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[3180] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[496] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[5260] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[4316] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
[4072] C:\WINDOWS\system32\nss211.dll -> Spyware.HotSearchBar : Error during cleaning
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wfkiajcpebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wfkichd5ggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wfkieiczofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wfkoepdpwkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wfkokodpcdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjk4chdpkbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjk4qkd5gco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjkoelcpwfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjkoghcjihq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjlicmcjmlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjmywidjcdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjnyamcjiko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjnyqjczcdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjnyqkczgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@e-2dj6wjnyqnczcbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Gayla Deskins\Cookies\gayla deskins@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Micah Deskins\Application Data\Mozilla\Firefox\Profiles\gbbkchps.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@affiliates.x10[2].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wfk4wiajecp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wfkiajcpebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wfkieiczofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wfkoakdpwhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wflicjc5abo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wfliskdpicq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjk4aiajsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjk4ckczmho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjk4cndjsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjkokicjgfq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjkoqocjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjkoumazggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjkyclazogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjkycoczmbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjl4qjd5cbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjl4ugazwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjlialc5aap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjlicocjgbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjliegd5aao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjlioodjwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjlocnazmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjlogkczkfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjloslcpsfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjmiemd5mbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjny-1lczal.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjnycjcjkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjnyqjczcdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjnyqkczgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@e-2dj6wjnywnd5map.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Cookies\micah deskins@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Local Settings\Temporary Internet Files\Content.IE5\8LER41EF\thin-94-1-x-x[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Micah Deskins\Local Settings\Temporary Internet Files\Content.IE5\C1YROXMJ\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq112.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq113.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq114.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq115.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq118.tmp -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11A.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11C.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11D.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11F.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq142.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq143.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq144.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15A.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq168.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16A.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1ED.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EE.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EF.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F1.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F2.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F4.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22B.tmp -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq235.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC9.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCB.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCC.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF1.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF3.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\quarantine\dinst.exe.Vir -> TrojanDownloader.Intexp.d : Error during cleaning
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING14.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_MARKETING14.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__nss211.dll -> Spyware.HotSearchBar : Cleaned with backup


::Report End



Hijack This Report:

This v1.99.1
Scan saved at 12:13:10 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\tzfroq.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Micah Deskins\Local Settings\Temporary Internet Files\Content.IE5\773YU9KX\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nss211.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://medsvc.cats.o...sCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

THanks!
  • 0

Advertisements


#2
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
anyone?

*Edited by an Administrator

Hello! Bumping your thread will not get you helped any quicker, as we look for threads with no replies. Also, we work from oldest to newest, and currently are working on logs that have been posted three to five days ago , sometimes even older. Please be patient with us. We are working as fast as we can without compromising the integrity of our work.

Edited by ~Kat~, 22 August 2005 - 11:52 PM.

  • 0

#3
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!

I need you to move HiJackThis.exe to a permanent folder. It is currently running from a Temporary Folder. If need be, download the program again and put it in it's own folder. You do not want it running from temporary internet files.

Also, the next time you run HiJackThis, close Internet Explorer. You had way too many windows open when you scanned last.

Once HiJackThis is moved (downloaded) to a permanent folder post a new HiJackThis log.
  • 0

#4
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I can't even find the hijackthis program to delete it? I tried a system search and it says it doesn't exist, yet when i try to download it again, it says its in the temp files?

I know nothing about computers, so could you tell me how to remove it or even find it in my temp files?

thanks!
  • 0

#5
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do you know how to use Windows Explorer (instead of search)?

Right-click the start button and go to "Explore", go up to "View > Explorer Bar" and put a check next to the "Folders", then navigate to it:

C:\Documents and Settings\Micah Deskins\Local Settings\Temporary Internet Files\Content.IE5\773YU9KX\HijackThis[1].exe

If you can't find it this way, then open Internet Explorer. Go up to Tools > Internet Options, under the General tab (under Temporary Internet Files) Click "Delete Files" click OK. Let it delete all of your Temporary Internet Files, then try downloading it again to a permanent folder, do not download it to Temporary Internet Files again.

Edited by Michelle, 23 August 2005 - 10:26 AM.

  • 0

#6
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have tried what you said and the program refuses to be deleted! Everytime i think it's deleted, i try to download hijackthis again and i get a message stateing "hijackthis failed to uninstall an error occured?

What can i do?
  • 0

#7
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's do it this way, use the shortcut you were using to open HiJackThis.

Click "Open Misc Tools Section", then scroll down to "uninstall HiJackthis", click the "uninstall HiJackThis & exit" button, then reboot your computer and try downloading it again.
  • 0

#8
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have tried...........and it will not come off! What the... is the deal with this program. I have never had any problems before adding or removing programs.

I don't know what the ________ to do?
  • 0

#9
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:03:05 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nss211.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://medsvc.cats.o...sCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
  • 0

#10
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Thank you. I will look over your log and be back as soon as possible :tazz:
  • 0

Advertisements


#11
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Copy everything inside the code box below and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as remserv.bat on your Desktop.

@echo off
sc stop SvcProc
sc delete SvcProc
Double-click remserv.bat

Then, download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, if it does go ahead and reboot.

Then, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
  • 0

#12
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have tried to run activescan 3 times and each and every time, it scans for 2-3 minutes then closes abruptly. I have disabled all of the protection on my computer and it still proceeds to abruptly stop.




Logfile of HijackThis v1.99.1
Scan saved at 9:45:54 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nss211.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://medsvc.cats.o...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  • 0

#13
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, let's try this program:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#14
hacim

hacim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
********
9:43 AM: |··· Start of Session, Thursday, August 25, 2005 ···|
9:43 AM: Spy Sweeper started
9:43 AM: Sweep initiated using definitions version 521
9:43 AM: Starting Memory Sweep
9:46 AM: Memory Sweep Complete, Elapsed Time: 00:02:55
9:46 AM: Starting Registry Sweep
9:46 AM: Found Adware: begin2search
9:46 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
9:46 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
9:46 AM: Found Adware: hotsearchbar toolbar
9:46 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
9:46 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
9:46 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
9:46 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
9:46 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
9:46 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
9:46 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
9:46 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
9:46 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
9:46 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
9:46 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
9:46 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
9:46 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
9:46 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
9:46 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
9:46 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
9:46 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
9:46 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
9:46 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
9:46 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
9:46 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
9:46 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
9:46 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
9:46 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
9:46 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
9:46 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
9:46 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
9:46 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
9:46 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
9:46 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
9:46 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
9:46 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
9:46 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
9:46 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
9:46 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
9:46 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
9:46 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
9:46 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
9:46 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
9:46 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
9:46 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
9:46 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
9:46 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
9:46 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
9:46 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
9:46 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
9:46 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
9:46 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
9:46 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
9:46 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
9:46 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
9:46 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
9:46 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (1 subtraces) (ID = 104211)
9:46 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (1 subtraces) (ID = 104211)
9:46 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
9:46 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
9:46 AM: Found Adware: ieplugin
9:46 AM: HKU\WRSS_Profile_S-1-5-21-2458204500-60383573-2175944406-1010\software\intexp\ (2 subtraces) (ID = 128173)
9:46 AM: Found Adware: 180search assistant/zango
9:46 AM: HKU\WRSS_Profile_S-1-5-21-2458204500-60383573-2175944406-1010\software\microsoft\windows\currentversion\run\ || 180clientstubinstall (ID = 135645)
9:46 AM: Found Adware: abetterinternet
9:46 AM: HKLM\software\microsoft\windows\currentversion\uninstall\abi-1\ (6 subtraces) (ID = 146117)
9:46 AM: HKU\S-1-5-21-2458204500-60383573-2175944406-1008\software\aurora\ (27 subtraces) (ID = 360174)
9:46 AM: Registry Sweep Complete, Elapsed Time:00:00:11
9:46 AM: Starting Cookie Sweep
9:46 AM: Found Spy Cookie: primaryads cookie
9:46 AM: micah deskins@1.primaryads[2].txt (ID = 3190)
9:46 AM: Found Spy Cookie: 2o7.net cookie
9:46 AM: micah deskins@2o7[2].txt (ID = 1957)
9:46 AM: Found Spy Cookie: tribalfusion cookie
9:46 AM: micah deskins@a.tribalfusion[1].txt (ID = 3590)
9:46 AM: Found Spy Cookie: yieldmanager cookie
9:46 AM: micah deskins@ad.yieldmanager[2].txt (ID = 3751)
9:46 AM: Found Spy Cookie: adknowledge cookie
9:46 AM: micah deskins@adknowledge[1].txt (ID = 2072)
9:46 AM: Found Spy Cookie: adrevolver cookie
9:46 AM: micah deskins@adrevolver[1].txt (ID = 2088)
9:46 AM: micah deskins@adrevolver[2].txt (ID = 2088)
9:46 AM: Found Spy Cookie: pointroll cookie
9:46 AM: micah deskins@ads.pointroll[2].txt (ID = 3148)
9:46 AM: Found Spy Cookie: ask cookie
9:46 AM: micah deskins@ask[1].txt (ID = 2245)
9:46 AM: Found Spy Cookie: belnk cookie
9:46 AM: micah deskins@ath.belnk[1].txt (ID = 2293)
9:46 AM: micah deskins@belnk[2].txt (ID = 2292)
9:46 AM: Found Spy Cookie: burstnet cookie
9:46 AM: micah deskins@burstnet[1].txt (ID = 2336)
9:46 AM: Found Spy Cookie: casalemedia cookie
9:46 AM: micah deskins@casalemedia[1].txt (ID = 2354)
9:46 AM: Found Spy Cookie: ccbill cookie
9:46 AM: micah deskins@ccbill[1].txt (ID = 2369)
9:46 AM: Found Spy Cookie: centrport net cookie
9:46 AM: micah deskins@centrport[2].txt (ID = 2374)
9:46 AM: Found Spy Cookie: com.com cookie
9:46 AM: micah deskins@com[2].txt (ID = 2445)
9:46 AM: micah deskins@dist.belnk[1].txt (ID = 2293)
9:46 AM: Found Spy Cookie: questionmarket cookie
9:46 AM: micah deskins@questionmarket[1].txt (ID = 3217)
9:46 AM: Found Spy Cookie: realmedia cookie
9:46 AM: micah deskins@realmedia[2].txt (ID = 3235)
9:46 AM: micah deskins@tribalfusion[2].txt (ID = 3589)
9:46 AM: Found Spy Cookie: burstbeacon cookie
9:46 AM: micah deskins@www.burstbeacon[1].txt (ID = 2335)
9:46 AM: Found Spy Cookie: web-stat cookie
9:46 AM: micah deskins@www.web-stat[1].txt (ID = 3649)
9:46 AM: Found Spy Cookie: adserver cookie
9:46 AM: micah deskins@z1.adserver[1].txt (ID = 2142)
9:46 AM: Found Spy Cookie: zedo cookie
9:46 AM: micah deskins@zedo[2].txt (ID = 3762)
9:46 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:46 AM: Starting File Sweep
9:47 AM: dinst.exe.vir (ID = 135267)
9:47 AM: abiuninst.htm (ID = 83087)
9:48 AM: File Sweep Complete, Elapsed Time: 00:01:48
9:48 AM: Full Sweep has completed. Elapsed time 00:05:01
9:48 AM: Traces Found: 581
9:50 AM: Removal process initiated
9:50 AM: Quarantining All Traces: begin2search
9:50 AM: Quarantining All Traces: hotsearchbar toolbar
9:50 AM: Quarantining All Traces: ieplugin
9:50 AM: Quarantining All Traces: 180search assistant/zango
9:50 AM: Quarantining All Traces: abetterinternet
9:50 AM: Quarantining All Traces: primaryads cookie
9:50 AM: Quarantining All Traces: 2o7.net cookie
9:50 AM: Quarantining All Traces: tribalfusion cookie
9:50 AM: Quarantining All Traces: yieldmanager cookie
9:50 AM: Quarantining All Traces: adknowledge cookie
9:50 AM: Quarantining All Traces: adrevolver cookie
9:50 AM: Quarantining All Traces: pointroll cookie
9:50 AM: Quarantining All Traces: ask cookie
9:50 AM: Quarantining All Traces: belnk cookie
9:50 AM: Quarantining All Traces: burstnet cookie
9:50 AM: Quarantining All Traces: casalemedia cookie
9:50 AM: Quarantining All Traces: ccbill cookie
9:50 AM: Quarantining All Traces: centrport net cookie
9:50 AM: Quarantining All Traces: com.com cookie
9:50 AM: Quarantining All Traces: questionmarket cookie
9:50 AM: Quarantining All Traces: realmedia cookie
9:50 AM: Quarantining All Traces: burstbeacon cookie
9:50 AM: Quarantining All Traces: web-stat cookie
9:50 AM: Quarantining All Traces: adserver cookie
9:50 AM: Quarantining All Traces: zedo cookie
9:51 AM: Removal process completed. Elapsed time 00:01:47
********
9:43 AM: |··· Start of Session, Thursday, August 25, 2005 ···|
9:43 AM: Spy Sweeper started
9:43 AM: |··· End of Session, Thursday, August 25, 2005 ···|
  • 0

#15
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Dont do anything with it yet!
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Once in Safe Mode, doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • I need these results in the next post!
Reboot back to Normal Mode!

Post the contents WinPFind.txt and new HiJackThis log.

Edited by Michelle, 25 August 2005 - 09:50 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP