Stuck in the Mud [RESOLVED] - Geeks to Go Forums


Stuck in the Mud [RESOLVED] and sinking

#1 hippiemind

  • Group: Member
  • Posts: 108
  • Joined: 04-December 03

Posted 28 January 2006 - 04:06 PM

One of your infamous and thought we had licked the problem.....but I guess not. Loophole was working with me under the topic........"Please throw an old hippie a rope" Got to where things seemed good. Now, however it is slower than ever. On one of the sites where I play poker my delay time has gone from .03 sec. up to 8.4 sec. :tazz: .....most sites are throwing me off due to my horrible connection... :)

I have run a defrag, and run cleanup...............the following is the resulting Hijack

Thanks in advance for any guidance you may be able to throw my way.......Paul

Logfile of HijackThis v1.99.1
Scan saved at 2:33:23 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
C:\Program Files\Aws\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TBONBin\tbon.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\MY DOWNLOADS\kazaa.exe
C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe
C:\PROGRA~1\REGIST~1\REGCLEAN.EXE
C:\WINDOWS\SYSTEM32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\MY DOWNLOADS\HijackThis.exe

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\MY DOWNLOADS\iTunesHelper.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\Aws\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\REGCLEAN.EXE
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3374E-2D30-4C4A-811F-80E6356DEE77}: NameServer = 168.253.8.17 168.253.8.18
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

:)

#2 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 28 January 2006 - 05:38 PM

Where is your antivirus?

#3 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 28 January 2006 - 05:40 PM

* Go to Add/Remove programs and uninstall these:

P2P Networking
AltnetPointsManager
RXToolBar
WeatherBug
Kazaa



* Go here and download Ad-Aware SE.
  • Install the program and launch it.
  • First in the main window look in the bottom right corner and click on Check for updates now
  • Click Connect and download the latest reference files.
  • From main window click Start then under Select a scan Mode tick Perform full system scan.
  • Next deselect Search for negligible risk entries.
  • Now to scan just click the Next button.
  • When the scan is finished mark everything for removal and get rid of it.
  • Right-click the window and choose select all from the drop down menu and click Next
  • Restart your computer.



* Go here and download Microsoft Antispyware Beta.
  • Install the program and launch it.
  • First in the top menu click File then Check for updates to download the definitions updates.
  • After updating look in the right side of the main window under "Run Quick Scan Now" and click Spyware scan options.
  • Put a tick by Run a full system scan and then put a check by all three options below that
  • Click Run Scan now.
  • When the scan is finished, let it fix anything that it finds
  • Have it quarantine the items that have that option rather than delete just in case.
  • Restart your computer.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

#4 hippiemind

  • Group: Member
  • Posts: 108
  • Joined: 04-December 03

Posted 29 January 2006 - 03:56 AM

OK..........after 2 1/2 hours all done. REPORTS BELOW

One thing I noticed during this process......on my lower toolbar there is an icon of two monitors. Seems to me they used to blink on and off in a green color. Now there is a red "x" on them. When I put my cursor on them, the message reads: "local area connection, A network cable is unplugged". I checked my plugs, and all seems to be in order. Don't know if this means anything or not.

Thanks again for the help and I await your observations and recommendations forthcoming.

Paul



Incident Status Location

Adware:adware/portalscan Not disinfected C:\WINDOWS\SYSTEM32\winupdt.008
Adware:adware/searchtheweb Not disinfected C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Paul Bayha\Desktop\Registry Cleaner.lnk
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/enhancemsearch Not disinfected C:\WINDOWS\searchen.dat
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MySearch
Potentially unwanted tool:application/need2find Not disinfected C:\PROGRAM FILES\Need2Find
Adware:adware/searchforit Not disinfected C:\PROGRAM FILES\sf
Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\AutoUpdate
Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras
Adware:adware/comet Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\Starware
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@serving-sys[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@offeroptimizer[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@tribalfusion[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@microsofteup.112.2o7[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@go[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@perf.overture[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@as1.falkag[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@btg.btgrab[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@cliks[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@ad.yieldmanager[2].txt
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@www.goldenpalace[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@server.iad.liveperson[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@com[2].txt
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\banner.inf
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
Adware:Adware/InstaFinder Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FDFB5188-E5A4-4EE3-95FF-223360\5694B14B-AD91-4A33-991B-7FD14D
Potentially unwanted tool:Application/Zango Not disinfected C:\MY DOWNLOADS\backups\backup-20050713-124225-807.inf
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Paul Bayha\Local Settings\Temp\__unin__.exe
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@serving-sys[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@offeroptimizer[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@tribalfusion[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@microsofteup.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@perf.overture[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@as1.falkag[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@btg.btgrab[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@cliks[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@ad.yieldmanager[2].txt
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@www.goldenpalace[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@server.iad.liveperson[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@com[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Paul Bayha\Cookies\paul bayha@go[1].txt
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[lsp_.dll]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[xmltok_.dll]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[SAHAgent_.exe]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[SAHUninstall_.exe]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[SahHtml_.exe]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[WEBInstaller.dll]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\bunSetup.cab[setup.inf]


Logfile of HijackThis v1.99.1
Scan saved at 2:21:53 AM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\REGIST~1\REGCLEAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\MY DOWNLOADS\HijackThis.exe

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\MY DOWNLOADS\iTunesHelper.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\REGCLEAN.EXE
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3374E-2D30-4C4A-811F-80E6356DEE77}: NameServer = 168.253.8.17 168.253.8.18
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#5 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 12:02 PM

*Download Cleanup from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.
  • Open MS Anti-Spyware and click on Options > Settings.
  • Click on "Realtime Protection" in the left pane.
  • Remove the check by these:
    • Enable the Microsoft Security Agents on startup (recommended)
    • Enable real-time spyware threat protection (recommended)

  • Click "Save"
  • Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
  • Leave it disabled until we are finished here.


* Go to Add/Remove programs and uninstall Registry Cleaner and WebRebates if they are there.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)

O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\REGCLEAN.EXE

O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\RXToolBar

    C:\PROGRA~1\REGIST~1

    C:\Program Files\WebRebates4

    C:\WINDOWS\SYSTEM32\winupdt.008

    C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe

    C:\Documents and Settings\Paul Bayha\Desktop\Registry Cleaner.lnk

    C:\WINDOWS\INF\banner.inf

    C:\WINDOWS\searchen.dat

    C:\PROGRAM FILES\MySearch

    C:\PROGRAM FILES\Need2Find

    C:\PROGRAM FILES\sf

    C:\PROGRAM FILES\AutoUpdate

    C:\WINDOWS\cdmxtras

    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\Starware



  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.


* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan

#6 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 12:02 PM

IMPORTANT!: I see that you do not have an antivirus running or a firewall. If I may say this without being rude, with the net as it is these days it is quite foolish to be without an antivirus and a firewall. By all means get both ASAP! See this thread for some good free ones.

#7 hippiemind

  • Group: Member
  • Posts: 108
  • Joined: 04-December 03

Posted 29 January 2006 - 03:20 PM

Howdy.......

You mentioned firewall and anti-virus. I was under the impression the service pack 2 which came with my XP included those items. Which do you recommend as the best for me with minimal finances?

Thanks Again..................Paul

OK here are the Kas and Hijack reports

KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 29, 2006 13:52:55
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/01/2006
Kaspersky Anti-Virus database records: 173790
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 21725
Number of viruses found: 29
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 1170 sec

Infected Object Name - Virus Name
C:\WINDOWS\sahagent-fellymedia1002.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sahat.h
C:\WINDOWS\sahagent-fellymedia1002.exe Infected: not-a-virus:AdWare.Win32.Sahat.h
C:\Program Files\Microsoft AntiSpyware\Quarantine\FDFB5188-E5A4-4EE3-95FF-223360\5694B14B-AD91-4A33-991B-7FD14D/stream Infected: not-a-virus:AdWare.Win32.404Search.h
C:\Program Files\Microsoft AntiSpyware\Quarantine\FDFB5188-E5A4-4EE3-95FF-223360\5694B14B-AD91-4A33-991B-7FD14D Infected: not-a-virus:AdWare.Win32.404Search.h
C:\Program Files\Microsoft AntiSpyware\Quarantine\FDFB5188-E5A4-4EE3-95FF-223360\4661DF43-931B-402C-9BEA-232A39 Infected: not-a-virus:AdWare.Win32.404Search.l
C:\Program Files\Microsoft AntiSpyware\Quarantine\56EABBF6-0162-4374-99E9-E5E272\E5F3ACEE-A43D-4854-9811-E0E58B/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\Program Files\Microsoft AntiSpyware\Quarantine\56EABBF6-0162-4374-99E9-E5E272\E5F3ACEE-A43D-4854-9811-E0E58B Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\Program Files\Microsoft AntiSpyware\Quarantine\0C628631-D1D9-46B4-8C14-22A973\A32AD532-8B05-489A-9CB6-8B5946 Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\Program Files\Microsoft AntiSpyware\Quarantine\0C628631-D1D9-46B4-8C14-22A973\6E1E2783-A138-4CED-A2C4-ECC1F4 Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\MY DOWNLOADS\backups\backup-20051231-115605-954.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.y
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP23\A0003432.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP23\A0003547.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003565.exe Infected: not-a-virus:AdWare.Win32.Altnet.h
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003567.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003569.exe Infected: not-a-virus:AdWare.Win32.Altnet.l
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003573.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003575.dll Infected: not-a-virus:AdWare.Win32.Altnet.j
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003576.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003577.exe Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003578.DLL Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003579.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003581.exe Infected: not-a-virus:AdWare.Win32.Altnet.g
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003603.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003604.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.o
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003608.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP24\A0003612.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003618.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003618.exe Infected: not-a-virus:AdWare.Win32.404Search.h
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003620.dll Infected: not-a-virus:AdWare.Win32.404Search.l
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003626.exe/data0002 Infected: not-a-virus:AdWare.Win32.WeirWeb.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003626.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.a
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003628.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003628.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003633.exe/data0003 Infected: Trojan-Downloader.Win32.VB.eu
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003633.exe Infected: Trojan-Downloader.Win32.VB.eu
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003634.dll Infected: Trojan-Clicker.Win32.Delf.r
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003636.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003637.dll Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003638.dll Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003639.dll Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003640.dll Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003641.dll Infected: not-a-virus:AdWare.Win32.Altnet.d
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003642.EXE Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003643.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP25\A0003646.dll Infected: not-a-virus:AdWare.Win32.MySearch.e
C:\System Volume Information\_restore{EC569737-B95F-4272-9602-952EE13F1A83}\RP26\A0003694.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j
C:\!KillBox\tdtb.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.d
C:\!KillBox\tdtb.exe Infected: not-a-virus:AdWare.Win32.ImiBar.d
C:\!KillBox\bunSetup.cab/lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.f
C:\!KillBox\bunSetup.cab/SAHAgent_.exe Infected: not-a-virus:AdWare.Win32.ShopAtHome.b
C:\!KillBox\bunSetup.cab/SAHUninstall_.exe Infected: not-a-virus:AdWare.Win32.Sahat.p
C:\!KillBox\bunSetup.cab/SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.i
C:\!KillBox\bunSetup.cab/WEBInstaller.dll Infected: not-a-virus:AdWare.Win32.Sahat.r
C:\!KillBox\bunSetup.cab Infected: not-a-virus:AdWare.Win32.Sahat.r
C:\!KillBox\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 1:55:21 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\MY DOWNLOADS\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\MY DOWNLOADS\iTunesHelper.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3374E-2D30-4C4A-811F-80E6356DEE77}: NameServer = 168.253.8.17 168.253.8.18
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe

#8 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 04:01 PM

If you can afford it, I recommend Nod32:

http://www.eset.com/home/home.htm

Otherwise, try AVG free edition:

http://free.grisoft....2/lng/us/tpl/v5


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\WINDOWS\sahagent-fellymedia1002.exe


  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, have it delete anything that it cannot clean.

Post a new HiJackThis log and report back what the Housecall scan found.

#9 hippiemind

Posted 30 January 2006 - 01:16 AM

Howdy.................Housecall found about 25 items and then deleted them before I could get to read them.

Am going to try some of the poker sites to see what my delay time is. Will let you know.

Here is the latest Hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:54:10 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\sol.exe
C:\MY DOWNLOADS\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\MY DOWNLOADS\iTunesHelper.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3374E-2D30-4C4A-811F-80E6356DEE77}: NameServer = 168.253.8.17 168.253.8.18
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe

#10 Flrman1

Posted 30 January 2006 - 08:38 AM

The log is clean. How is everything now?

#11 hippiemind

Posted 31 January 2006 - 03:28 PM

All seems well.............Thank you so very much for your well formed addiction. You people are amazing. There is no way I could afford to have this done, so this is very special. You are in my prayers.

Paul

#12 Flrman1

Posted 31 January 2006 - 04:45 PM

You're Welcome! :tazz:

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#13 Flrman1

Posted 07 February 2006 - 07:53 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
