Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PLS HELP WITH COOLWEBSEARCH! [RESOLVED]


  • This topic is locked This topic is locked

#16
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

1) Please download the Killbox here.
Unzip it to the desktop but do NOT run it yet.

2) copy the part in bold below into notepad. Save it as regfix.reg (set filetype to "All Files")


REGEDIT4

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*0 *0aa*00b4*00c6*00d08]


Doubleclick the file you made and confirm you want to merge it with the registry.

3) Copy everything inside the quote box below and paste it into Notepad. Save it as killfiles.txt on your desktop.

C:\WINDOWS\SYSTEM32\sdkby32.exe
C:\WINDOWS\SYSTEM32\winec32.dll
C:\WINDOWS\sdkav32.dll


4) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

5) Still in Safe Mode, please run Killbox.

6) Select "Delete on Reboot".

6) Open the text file you made earlier (Killfiles.txt), and copy the file names to the clipboard by highlighting them and pressing Control-C:

7) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

8) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..



Let the system reboot

Rescan with Adaware but this time do not search for negligable objects. Post the new Adaware results here for me please
  • 0

Advertisements


#17
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
WELL I DID IT ALL AS YOU SUGGESTED,BUT I THINK THE PROBLEMS ARE STILL THERE :)

HERE ARE COPIES OF AD-AWARE AND PANDA SCANS:

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2

10:58:27 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:03.492
Objects scanned:129454
Objects identified:2
Objects ignored:0
New critical objects:2



Incident Status Location

Adware:adware/navipromo No disinfected C:\WINDOWS\SYSTEM32\sdkcc32.exe
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\winhy32.dll
Adware:adware/beginto No disinfected C:\WINDOWS\SYSTEM32\cache32_dsktptr
Adware:adware/searchaid No disinfected Windows Registry



:tazz:
  • 0

#18
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

can you please try the fix again, only this time,

1-Go Offline

2 - Disable Spybot S&D, Teatimer (if Running), Spysweeper, MacaFee Antispyware and Adaware.

3 - run the fix

4 - ensure that all the disabled apps are renabled following the reboot

5 - rescan with panda and post the results here for me please
  • 0

#19
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
IM SORRY,BUT NEED TO ASK.BY "OFFLINE" DO YOU MEAN I NEED TO WORK IN SAFE MODE OR I NEED TO DISCONNECT INTERNET?
  • 0

#20
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

Sorry, my apologies for not being clear, by "Offline", I mean disconnect from the internet.

If you have any other questions, please do not hesitate to ask.
  • 0

#21
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I THINK I MIGHT HAVE A PROBLEM DISCONNECTING FROM INTERNET,CAUSE I HAVE CABLE AND I WAS TOLD THAT I CANNOT DISCONNECT IT,OTHERWISE I LL HAVE TO DO ALL FROM THE SCRATCH...CONNECTING,PAYMENTS AND SO ON...IS IT REALLY NESSESARY TO DISCONNECT OR WE MIGHT HAVE SOME OTHER SOLUTION?
  • 0

#22
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

no probs, just make sure that you are not actually online. Leave the physical connections alone.
  • 0

#23
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
HI THERE!

SORRY FOR DELAYED REPLY,BUT I WASNT ABLE TO CONNECT TO YOUR SITE FOR SOME TIME :)

I TRIED AS U SAID BUT PANDA SCAN SHOWS THE SAME PROBLEM AGAIN.ALSO I THINK THAT THERE IS MORE STUFF INSTALLED ON MY COMP,CAUSE JUST TODAY,RIGHT NOW I OPENED INTERNET EXPLORER AND THERE WAS SOME UNKNOWN HOME PAGE DISPLAYED.

ALSO I DID SYMANTEC SCAN AND IT FOUND THESE PROBLEMS WHICH I COULDNT REMOVE:

C:\WINDOWS\n_atcgnh.log is infected with Adware.CWSIEFeats
C:\WINDOWS\n_bpvnvi.dat is infected with Adware.CWSIEFeats
C:\WINDOWS\n_cbuuca.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_ihwoyf.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_iigjdx.log is infected with Adware.CWSIEFeats
C:\WINDOWS\n_jujgsw.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_lfddjz.log is infected with Adware.CWSIEFeats
C:\WINDOWS\n_ndqhkx.dat is infected with Adware.CWSIEFeats
C:\WINDOWS\n_ntnygs.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_pmlzhq.dat is infected with Adware.CWSIEFeats
C:\WINDOWS\n_rlizqb.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_srrdrg.log is infected with Adware.CWSIEFeats
C:\WINDOWS\n_uhqqoq.dat is infected with Adware.CWSIEFeats
C:\WINDOWS\n_xljzsm.txt is infected with Adware.CWSIEFeats
C:\WINDOWS\n_xqfmgx.dat is infected with Adware.CWSIEFeats
C:\WINDOWS\Installer\56e1fe.msi is infected with Adware.HyperBar



HERE IS ALSO A NEW COPY OF HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:17 PM, on 11/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
C:\Program Files\5.1M MPEG4 DV\DockWatch.exe
C:\Program Files\ScannerU\KYESCAN.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DockWatch.lnk = C:\Program Files\5.1M MPEG4 DV\DockWatch.exe
O4 - Global Startup: KYESCAN.lnk = C:\Program Files\ScannerU\KYESCAN.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PRDIE - {14CD7C31-983E-4EC6-8461-96C898524853} - C:\Program Files\Privacy Defender\prd.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbu...m/tbinstall.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...618/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I ALSO HAVE A QUESTION.ON MY COMPUTER I HAVE IN PROGRAM FILES A FOLDER CALLED ICQLITE.I DONT KNOW WHAT IS IT FOR AND IT HAS BEEN HERE FOR AGES.IN VIRUS ENCYCLOPIDIA OF TREND MICRO THEY STATED IT AS A WORM_HITON.A AND THAT IT DROPS THESE COPIES OF ITSELF IN WINDOWS:

SVCHOST.EXE
MSSVC.DLL

AND MCAFEE SAYS ITS W32/Mydoom.ab@MM .
ALTHOUGH WHEN I RUN THE USUAL TREND MICRO OR MCAFEE SCAN IT NEVER FINDS ANYTHING :tazz:
  • 0

#24
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There

while i am looking through your last post, could you please get me an uninstall list as follows

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

You asked about Icqlite, this is an instant messenger app. If you dont use it or need it, then remove it through Add/Remove programmes in Control Panel. Can I ask if you have downlaoded or installed anything prior to running the symantec scan?

I must also add that it makes it very difficult for me to identify exactly what is going on if you step outside the instructions in my posts. I fully understand your desire to get clean, but throwing online scans at the system does not always generate usefull data and often only obscures the real root cause of a problem.
  • 0

#25
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
HI UK biker!

FIRST OF ALL I MUST APOLOGIZE FOR GOING ALL BANANAS TO TRY AND SORT OUT THE PROBLEMS THIS WAY AND TNX FOR YOUR PATIENCE WITH ME :)

HERE IS THE COPY OF UNINSTALL LIST:

5.1M MPEG4 DV
5.1M MPEG4 DV Camera Driver
ABBYY FineReader 4.0 Sprint
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
a-squared Free 1.6
Baby Album
CCleaner (remove only)
DVD Genie (remove only)
DVD Region Killer
EasyCleaner
ewido security suite
Genius ColorPage-Vivid4 USB
HijackThis 1.99.1
Kaspersky On-line Scanner
Lernout & Hauspie TruVoice American English TTS Engine
McAfee AntiSpyware
McAfee SecurityCenter
McAfee VirusScan
McAfee VirusScan Enterprise
Microsoft DirectX Transform optional components
Microsoft Office XP Professional with FrontPage
mIRC
MSN Music Assistant
Nero Suite
Panda ActiveScan
PCFriendly
PCI Audio Applications
PhotoMix 5.2
PowerDVD
Privacy Defender 7.0.2 (remove only)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave 7.0.3 Player
Spybot - Search & Destroy 1.4
Trend Micro Anti-Spyware
Ulead COOL 360 1.0
Ulead Photo Explorer 7.0 SE
Ulead VideoStudio 6 SE Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
VideoMach 3.4.1
WinAVIVideoConverter
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
ZoneAlarm

I ALSO REMEMBER OPENING SOMETHING PRIOR RUNNING SYMENTEC SCAN.I GUESS IT WAS IN ICQlite FOLDER AND THATS WHERE FOR A MOMENT I HAD DIFFERENT HOME PAGE APPEARED,WHICH THANK GOD DIDNT APPEAR ANYMORE.IT WAS SAYING SOMETHING THAT MY COMP IS AT HIGH RISK AND THAT THEY DETECTED ALL THESE [bleep],GAY OR BOOBS STUFF ON IT :tazz:
  • 0

Advertisements


#26
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I JUST NEED TO ADD SOMETHING WHAT I JUST NOTICED NOW WHILE JOINING FORUM.I DONT KNOW IF IT IS OF ANY SIGNIFICANCE,BUT IT CAUGHT MY EYE.

WHILE IT WAS OPENING MY PAGE FOR A MOMENT AT THE VERY BOTTOM WHERE IT SAYS OPENING PAGE I SAW BESIDES THE TITLE OF FORUM A WORD 'CHITIKA' FLASHING JUST FOR FEW SECONDS.
AND WHENEVER I RUN EWIDO SCAN IT DETECTS THIS:

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\CHIJK1MR\mm[1].js -> Spyware.Chitika : Cleaned with backup

SO I DONT KNOW IF THERE IS ANY CONECTION...
  • 0

#27
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OOO,I ALSO REMEMBERED..TWO DAYS AGO WE DISCOVERED THAT FROM THE SITE CALLED 'EMUSIC',WHERE ABOUT TWO MONTHS AGO WE ORDERED SOME DOWNLOADS,BUT NEVER GOT THEM,THEY ACTUALLY TOOK SOME MONEY FROM ACCOUNT WITHOUT OUR KNOWLEDGE.

WHEN I TRIED TO GET SOME INFOS ABOUT IT ON INTERNET THAY SAID THAT THE SAME SITE IS ACTUALLY SPYWARE.I ALSO DONT KNOW IF THIS CAN HELP IN RESOLVING OF ANY OF PROBLEMS :tazz:
  • 0

#28
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there

lets get rid of Chikita which is adware.

Boot into Safe Mode.

Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new HJT log here for me please
  • 0

#29
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
HI AGAIN!

HERE IS THE NEW COPY OF HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:52 PM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\5.1M MPEG4 DV\DockWatch.exe
C:\Program Files\ScannerU\KYESCAN.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\user\Desktop\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DockWatch.lnk = C:\Program Files\5.1M MPEG4 DV\DockWatch.exe
O4 - Global Startup: KYESCAN.lnk = C:\Program Files\ScannerU\KYESCAN.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PRDIE - {14CD7C31-983E-4EC6-8461-96C898524853} - C:\Program Files\Privacy Defender\prd.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbu...m/tbinstall.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...618/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#30
jadegrech

jadegrech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
BY THE WAY WHEN I RAN EWIDO SCAN IT DIDNT SHOW ANYMORE CHITIKA ADWARE,BUT IT FOUND THIS:

C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

AND TREND MICRO SCAN ALSO FOUND FOLLOWING:
Internet Cookies
Internet Cookies: Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'advertising.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'fastclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'servedby.advertising.com' in 'Internet Explorer Cache'


WHILE IM OPENING MY YAHOO! E-MAIL SOME OF THOSE NAMES APPEAR AT THE BOTTOM WHERE IT SAYS OPENING PAGE,JUST LIKE CHITIKA DID BEFORE WHILE OPENING MY PAGE AT THIS FORUM.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP