Spyware Strike
I had the same problem that started about 3 days ago. I don't even know exactly how I took care of the problem, but it hasn't come back since.
I only used 2 tools though: Ad-Aware SE and Norton Corporate. For both programs I selected the constant monitoring just for this one problem. Ran scans, deleted the SpyStrike registry, ran more scans, turned off all unrecognized applications and anything else unneeded in the background, ran one last set of scans, and well, it hasn't popped back up in about 7 hours and 2 restarts.
Edit
Spoke too soon
/Edit
I split your post so you can have your own thread and I've named it Spyware Strike.
There is a tool to fix your problem, so there is no need to edit the registry.
==
Do the following:
Create a new folder in your C: and name it HJT
Download the latest version from HERE
Save and unzip HJT to your new folder
Open HJT and click the Do a system scan and save a logfile button
Post the entire contents from Notepad here
Here is the log, and I thank you for doing this for me. Short-Media Rocks.
Logfile of HijackThis v1.99.1
Scan saved at 5:10:50 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_MARKETING48.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114638868533
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Can you do the following:
Please download VundoFix.exe to your desktop.
Vundo.txt (rescanned clean on startup.)
Listing files found while scanning....
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\vtstq.dll
Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V4.0
Listing files found while scanning....
Logfile of HijackThis v1.99.1
Scan saved at 5:54:48 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_MARKETING48.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114638868533
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Go to Add/Remove programs in Control Panel and look for the following
Crystalys media
If found, please uninstall.
===
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Download smitRem.exe and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.
Place a shortcut to Panda ActiveScan on your desktop.
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!
Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click 'Fix Checked':
===================================================
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com...ARKETING48.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
===================================================
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido: (Do not use the computer while Ewido is scanning as it may interrupt the scan)
- Click on scanner
- Click Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close Ewido
Next go to Control Panel, click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.
Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.
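An added example (not part of the original thread, and not HijackThis's own code): a small Python check that the entries in the 'Fix Checked' list above are really gone from a follow-up log. It matches on entry type plus CLSID or Run value name, because the forum shortened two of the URLs with "...", so an exact string comparison would miss them. The log excerpts are copied from this page; the function names are illustrative.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [Name] command" (R0/R1, O2..O23, ...).
ENTRY = re.compile(r"^((?:R|F|N|O)\d+) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^[^\[]*\[[^\]]*\]")  # "HKLM\..\Run: [ValueName]"

# The four items the helper asked to fix, exactly as posted (two URLs shortened).
FIX_LIST = r"""
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com...ARKETING48.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
"""

# Excerpt of the 5:54:48 PM log on this page (before the fix step).
BEFORE = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_MARKETING48.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
"""

# Excerpt of the 8:36:24 PM log on this page (after the fix step).
AFTER = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""


def parse_entries(log):
    """Return (code, text) for every entry line; process paths and headers are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, text):
    """Identity of an entry that survives URL or path truncation."""
    if code == "O4":
        m = RUN_VALUE.match(text)  # hive/key plus the [value name]
        if m:
            return (code, m.group(0).casefold())
    m = CLSID.search(text)  # label up to and including the CLSID
    if m:
        return (code, text[:m.end()].casefold())
    return (code, text.casefold())  # nothing stable to key on: use the whole line


def index(log):
    """Map entry key -> original line."""
    return {entry_key(c, t): f"{c} - {t}" for c, t in parse_entries(log)}


def still_present(fix_list, log):
    """Fix-list lines whose entry is still found in the given log."""
    current = index(log)
    return [line for key, line in index(fix_list).items() if key in current]


def diff(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = index(before), index(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


if __name__ == "__main__":
    print("still present after fix:", still_present(FIX_LIST, AFTER))
    removed, added = diff(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        # The Panda ActiveScan control is expected: the steps above say to allow it.
        print("added:  ", line)
```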
Logfile of HijackThis v1.99.1
Scan saved at 8:36:24 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114638868533
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/18/2006
The current time is: 18:58:07.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Video iCodec
SpywareStrike
Security Toolbar
~~~ Shortcuts ~~~
quick launch SpywareStrike 2.5.lnk
SpywareStrike 2.5.lnk
SpywareStrike folder
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
1024 dir
msvol.tlb
ncompat.tlb
mscornet.exe
hp***.tmp
logfiles
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'explorer.exe'
Killing PID 764 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
SpywareStrike folder
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
ewido anti-malware - Scan report
+ Created on: 8:09:23 PM, 1/18/2006
+ Report-Checksum: AE8A0888
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WinSoftware -> Adware.WinFixer : Cleaned with backup
HKLM\SOFTWARE\WinSoftware\WinAntiSpyware 2005 -> Adware.WinFixer : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\wildman matt\Shared\Reason-3.0-Full.zip/Reason3CRK.exe/Reason3CRK.exe -> Backdoor.Agobot : Error during cleaning
C:\HJT\hijackthis_199\backups\backup-20060118-185723-405.dll -> Dialer.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\01280865.EXE -> Downloader.Small.ayl : Cleaned with backup
::Report End
C:\Documents and Settings\wildman matt\Shared\Reason-3.0-Full.zip/Reason3CRK.exe/Reason3CRK.exe
The file will be scanned by various Anti-Virus scanners. The results are listed under Scanner Results. Please post them here.
You have been the biggest help, like you wouldn’t believe. I'm alright with computers but viruses and stuff I don’t do too well with. And whenever I asked anyone else like OfficeMax or a store, I'm sure they just wanted to make a sale, they would tell me to buy some 90$ program or something.
I have another computer on my Network that has been having similar problems just not with Spyware Strike. Do you think if I ran HJT and put up a list you could recommend something?
Thank you so much.
I will give you instructions shortly on what to do as soon as I get them
Let's take the easy route first!
Please download this tool
Save it to a folder on your desktop and then open the file to let it scan
Let me know how it goes
If you want to do the long route then let me know and I'll repost what to do.
This is the HijackThis log for my other computer, it looks a lot worse off.
Logfile of HijackThis v1.99.1
Scan saved at 7:12:40 PM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HJT\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {01611BF8-63B9-475C-8027-F8F95F33D7E4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04099115-f332-43ad-93d8-10429d347105} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {078414A6-38EB-40E5-902A-61867B2FD334} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {08F3AD76-9C98-4035-8EEA-8F6A193A22CB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AC6F683-1B3F-4CD3-9DBF-FF37C3463EED} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AEBCBD5-3647-4601-AF6F-BCF25CB664E1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AF7B079-794F-4CAC-B7D4-0E3E3119A8D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0B537519-5547-46FE-B62C-732A5E4696CD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E187DA0-DECE-4D63-AEED-BCC43930C2B7} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E5DB48C-C0D9-46DC-B6A5-5E0C6AE33835} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {100F0042-A5B0-45B2-9AC4-AE16A0B91289} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {10EB9832-78C3-455E-89F6-2E22D2C3C325} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {23B3DE21-6CB5-4565-A1BE-7081B10E82D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {26FCECD9-AE9E-40DD-934A-F57D4E0DEC9C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {2E7A0073-7462-4413-8E6D-125D94E306C9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3320D417-BE90-4262-A8C0-B888E6672B9B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3AAAC309-433D-4DB2-8BBC-505AA94CBAD1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3ee0b2ea-53d6-403c-abae-625553b22ef6} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {3F1416D1-BB0D-4686-B175-D2D896A72986} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {441D743D-E1F1-4FE9-9013-04A8F820E390} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {46AD303B-66C9-41F0-8B9C-7CD9053C1E43} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4A5FF79A-F51D-483F-9079-C29B75016D87} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4B4671C8-940E-460C-8F94-630F0A03F4CC} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4C62F510-6EC4-46D9-9947-FC09E2D06284} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {5027DB6F-2ED6-4792-8819-AA10BC2CD676} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {52C18D5E-78FE-4D66-82C4-2C05F8EDB432} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {559155D8-A9DB-4F71-8E6A-B4209984F7FF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {59AC233B-9E08-4D2B-8DE6-02A1E52EF971} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CB9B752-3393-4C24-B9A6-F6DFAFB8ADB3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {605EF9A9-C760-4DEC-AA8A-675E7D40BA0E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {63D7B820-0D00-4B44-9C28-7E21F9C1C61D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {643C5D7D-B44F-48D6-900B-0F8FE5A1FB8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {69AB15F6-25A1-449B-A97F-BEBDD5E973A9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6AFDC274-A617-425D-9BED-418041AA5FE4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6C9892EB-E3EB-4233-A977-736225B0D1F3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6F4672A8-F4DA-458E-B4B1-C34AB2330B8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {71505434-5F2A-417B-84AE-2C3F4A858016} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {727BE4C2-E12C-40D2-9A03-3C9F69BBFE51} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {7B04D987-345B-499E-8184-E36DEC3135AA} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {807D3AC4-7E9F-4313-9344-6F48549F31F9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {81314D3C-E575-4F3B-89E1-725F138638C6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8748401F-92AA-4E55-BF9C-5DDBBCF60742} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8B1EF3D9-7D2C-4D4E-9BC7-05AA430A7C97} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {935BFFC1-5901-4DC1-85AD-8B33071F5C26} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {941111A3-FC9C-4300-9471-9065A2BD0E52} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {979EABFE-31A3-4A44-B5DD-C66EBE14345D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9ABC0D51-DB47-4C3C-98DD-4084ABE849FE} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9B1DBA2F-29A9-43C0-959F-0375F361F263} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9D28838D-4833-4678-A306-6BFDEF6D6E6C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A173DE5B-650D-48FE-825F-A6CE511531C1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A2B30204-DE27-4ACD-B761-74F1B8322942} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A336A7B8-0F0B-4873-A9E5-7CA498E6AA46} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {AB93C9BC-3F54-47DE-832B-A0C69975653B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {B0A1B3A1-743D-4483-84D0-1B0C1EE21369} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAB3CC8C-2FCF-45FF-B891-D6479E27B06F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAE5A034-BD23-4B08-8898-671D03F6017F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C2038299-F25E-47B3-9DDE-25CEE7B79EF4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C463D164-1419-4D3E-80AB-619C9D2A422C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C6933281-5044-4F85-8639-8C96F8F0DB2D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {c8533473-c4a2-427d-a759-39a28681378b} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {CD0F1596-EF2C-41F7-BA15-0142709479AB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {D300EFF8-3521-4D6E-8BDA-3565111540CF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {DA6B89EA-9506-429F-BE6E-E6C207E7D4BD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {E05258CA-1946-FD34-0D5C-B042E7E44918} - C:\Documents and Settings\sandra\Application Data\Delete Love\View Hide.exe (file missing)
O2 - BHO: (no name) - {E769406E-1546-4FC2-82C6-860E254C9609} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EAFAA5E4-3C64-4FDA-B133-0F26F78BD3D6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EDF3CF91-BA5F-41D7-B9DE-E3A75AA91BE1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EE707E49-9E5B-4D98-B69B-0E983ACE35A5} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EF8610F0-89AF-426C-8580-44B32118294E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: (no name) - {F8EDFD57-08C7-49BF-B7A4-56CE988F2E95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FC768992-8482-48B4-BBEA-748A8135BA67} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FD2065FF-AD7D-4F83-8CEC-317C39ADBD95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FF249839-4EF5-44F1-8C84-6A8F67232D12} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FFD3E436-E3E0-4B96-836E-7C968994698A} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mljjh - mljjh.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Before we do that, we need to remove that backdoor on your first computer with an Anti-Virus software before deleting it manually.
F-bot should have opened an MS-DOS window and it should have started scanning your system.
Can you do this please
Download the trial version of F-Secure Anti-Virus 2006 on all the computers on the network. Fill out the info to get a download link.
Disable your current Anti-Virus by closing it down temporarily.
Run F-Secure Anti-Virus
Scan with Ewido
Post any logs you get here
ewido anti-malware - Scan report
+ Created on: 7:58:15 AM, 1/22/2006
+ Report-Checksum: 74BDB1AF
+ Scan result:
C:\Documents and Settings\wildman matt\Cookies\wildman matt@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\wildman matt\Shared\Reason-3.0-Full.zip/Reason3CRK.exe/Reason3CRK.exe -> Backdoor.Agobot : Error during cleaning
::Report End
ewido anti-malware - Scan report
+ Created on: 10:52:50 AM, 1/22/2006
+ Report-Checksum: 9ADA3428
+ Scan result:
No infected objects found.
::Report End
View hidden files and folders – explained here
Go into Safe Mode - explained here
==
Find and Delete the following:
C:\Documents and Settings\wildman matt\Shared\Reason-3.0-Full.zip << Delete this whole zip folder
==
Run another scan with Ewido and save a log.
==
Reboot into Normal Mode and post a HJT log along with the Ewido log.
Hopefully, we can start cleaning your other log
Incident Status Location
Spyware:Cookie/Adrevolver
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@adrevolver[2].txt
Spyware:Cookie/Adrevolver
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@adrevolver[3].txt
Spyware:Cookie/Ask
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ask[1].txt
Spyware:Cookie/Belnk
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ath.belnk[2].txt
Spyware:Cookie/Banner
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@banner[1].txt
Spyware:Cookie/Belnk
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@belnk[1].txt
Spyware:Cookie/Belnk
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@dist.belnk[1].txt
Spyware:Cookie/RealMedia
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@realmedia[1].txt
Spyware:Cookie/Searchportal
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@searchportal.information[1].txt
Spyware:Cookie/Zedo
Not disinfected
C:\Documents and Settings\wildman matt\Cookies\wildman matt@zedo[2].txt
Potentially unwanted tool:Application/Processor
Not disinfected
C:\Documents and Settings\wildman matt\Desktop\smitrem\Process.exe
Potentially unwanted tool:Application/RealSpy
Not disinfected
C:\WINDOWS\system32\actskn45.ocx
ewido anti-malware - Scan report
+ Created on: 3:47:48 PM, 1/22/2006
+ Report-Checksum: AB089F5A
+ Scan result:
C:\Documents and Settings\wildman matt\Cookies\wildman matt@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\wildman matt\Cookies\wildman matt@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
::Report End
If this PC is better then could you post a new HJT log from your other PC please.
Scan saved at 9:27:27 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {01611BF8-63B9-475C-8027-F8F95F33D7E4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04099115-f332-43ad-93d8-10429d347105} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {078414A6-38EB-40E5-902A-61867B2FD334} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {08F3AD76-9C98-4035-8EEA-8F6A193A22CB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AC6F683-1B3F-4CD3-9DBF-FF37C3463EED} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AEBCBD5-3647-4601-AF6F-BCF25CB664E1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AF7B079-794F-4CAC-B7D4-0E3E3119A8D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0B537519-5547-46FE-B62C-732A5E4696CD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E187DA0-DECE-4D63-AEED-BCC43930C2B7} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E5DB48C-C0D9-46DC-B6A5-5E0C6AE33835} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {100F0042-A5B0-45B2-9AC4-AE16A0B91289} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {10EB9832-78C3-455E-89F6-2E22D2C3C325} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {23B3DE21-6CB5-4565-A1BE-7081B10E82D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {26FCECD9-AE9E-40DD-934A-F57D4E0DEC9C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {2E7A0073-7462-4413-8E6D-125D94E306C9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3320D417-BE90-4262-A8C0-B888E6672B9B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3AAAC309-433D-4DB2-8BBC-505AA94CBAD1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3ee0b2ea-53d6-403c-abae-625553b22ef6} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {3F1416D1-BB0D-4686-B175-D2D896A72986} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {441D743D-E1F1-4FE9-9013-04A8F820E390} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {46AD303B-66C9-41F0-8B9C-7CD9053C1E43} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4A5FF79A-F51D-483F-9079-C29B75016D87} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4B4671C8-940E-460C-8F94-630F0A03F4CC} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4C62F510-6EC4-46D9-9947-FC09E2D06284} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {5027DB6F-2ED6-4792-8819-AA10BC2CD676} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {52C18D5E-78FE-4D66-82C4-2C05F8EDB432} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {559155D8-A9DB-4F71-8E6A-B4209984F7FF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {59AC233B-9E08-4D2B-8DE6-02A1E52EF971} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CB9B752-3393-4C24-B9A6-F6DFAFB8ADB3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {605EF9A9-C760-4DEC-AA8A-675E7D40BA0E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {63D7B820-0D00-4B44-9C28-7E21F9C1C61D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {643C5D7D-B44F-48D6-900B-0F8FE5A1FB8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {69AB15F6-25A1-449B-A97F-BEBDD5E973A9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6AFDC274-A617-425D-9BED-418041AA5FE4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6C9892EB-E3EB-4233-A977-736225B0D1F3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6F4672A8-F4DA-458E-B4B1-C34AB2330B8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {71505434-5F2A-417B-84AE-2C3F4A858016} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {727BE4C2-E12C-40D2-9A03-3C9F69BBFE51} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {7B04D987-345B-499E-8184-E36DEC3135AA} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {807D3AC4-7E9F-4313-9344-6F48549F31F9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {81314D3C-E575-4F3B-89E1-725F138638C6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8748401F-92AA-4E55-BF9C-5DDBBCF60742} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8B1EF3D9-7D2C-4D4E-9BC7-05AA430A7C97} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {935BFFC1-5901-4DC1-85AD-8B33071F5C26} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {941111A3-FC9C-4300-9471-9065A2BD0E52} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {979EABFE-31A3-4A44-B5DD-C66EBE14345D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9ABC0D51-DB47-4C3C-98DD-4084ABE849FE} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9B1DBA2F-29A9-43C0-959F-0375F361F263} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9D28838D-4833-4678-A306-6BFDEF6D6E6C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A173DE5B-650D-48FE-825F-A6CE511531C1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A2B30204-DE27-4ACD-B761-74F1B8322942} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A336A7B8-0F0B-4873-A9E5-7CA498E6AA46} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {AB93C9BC-3F54-47DE-832B-A0C69975653B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {B0A1B3A1-743D-4483-84D0-1B0C1EE21369} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAB3CC8C-2FCF-45FF-B891-D6479E27B06F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAE5A034-BD23-4B08-8898-671D03F6017F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C2038299-F25E-47B3-9DDE-25CEE7B79EF4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C463D164-1419-4D3E-80AB-619C9D2A422C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C6933281-5044-4F85-8639-8C96F8F0DB2D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {c8533473-c4a2-427d-a759-39a28681378b} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {CD0F1596-EF2C-41F7-BA15-0142709479AB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {D300EFF8-3521-4D6E-8BDA-3565111540CF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {DA6B89EA-9506-429F-BE6E-E6C207E7D4BD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {E05258CA-1946-FD34-0D5C-B042E7E44918} - C:\Documents and Settings\sandra\Application Data\Delete Love\View Hide.exe (file missing)
O2 - BHO: (no name) - {E769406E-1546-4FC2-82C6-860E254C9609} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EAFAA5E4-3C64-4FDA-B133-0F26F78BD3D6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EDF3CF91-BA5F-41D7-B9DE-E3A75AA91BE1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EE707E49-9E5B-4D98-B69B-0E983ACE35A5} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EF8610F0-89AF-426C-8580-44B32118294E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: (no name) - {F8EDFD57-08C7-49BF-B7A4-56CE988F2E95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FC768992-8482-48B4-BBEA-748A8135BA67} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FD2065FF-AD7D-4F83-8CEC-317C39ADBD95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FF249839-4EF5-44F1-8C84-6A8F67232D12} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FFD3E436-E3E0-4B96-836E-7C968994698A} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mljjh - mljjh.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
You have the nasty NewDotNet infection.
Please go to Add/Remove Programs in Control Panel and uninstall NewdotNet. If you don't have that option or if you have difficulties, then go to PROCEDURE 4 on this site.
While in Add/Remove Programs, can you also uninstall:
My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way
Reboot and post a new HJT log
Scan saved at 4:09:27 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {01611BF8-63B9-475C-8027-F8F95F33D7E4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04099115-f332-43ad-93d8-10429d347105} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {078414A6-38EB-40E5-902A-61867B2FD334} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {08F3AD76-9C98-4035-8EEA-8F6A193A22CB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AC6F683-1B3F-4CD3-9DBF-FF37C3463EED} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AEBCBD5-3647-4601-AF6F-BCF25CB664E1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0AF7B079-794F-4CAC-B7D4-0E3E3119A8D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0B537519-5547-46FE-B62C-732A5E4696CD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E187DA0-DECE-4D63-AEED-BCC43930C2B7} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {0E5DB48C-C0D9-46DC-B6A5-5E0C6AE33835} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {100F0042-A5B0-45B2-9AC4-AE16A0B91289} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {10EB9832-78C3-455E-89F6-2E22D2C3C325} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {23B3DE21-6CB5-4565-A1BE-7081B10E82D9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {26FCECD9-AE9E-40DD-934A-F57D4E0DEC9C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {2E7A0073-7462-4413-8E6D-125D94E306C9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3320D417-BE90-4262-A8C0-B888E6672B9B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3AAAC309-433D-4DB2-8BBC-505AA94CBAD1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {3ee0b2ea-53d6-403c-abae-625553b22ef6} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {3F1416D1-BB0D-4686-B175-D2D896A72986} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {441D743D-E1F1-4FE9-9013-04A8F820E390} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {46AD303B-66C9-41F0-8B9C-7CD9053C1E43} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4A5FF79A-F51D-483F-9079-C29B75016D87} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4B4671C8-940E-460C-8F94-630F0A03F4CC} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {4C62F510-6EC4-46D9-9947-FC09E2D06284} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {5027DB6F-2ED6-4792-8819-AA10BC2CD676} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {52C18D5E-78FE-4D66-82C4-2C05F8EDB432} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {559155D8-A9DB-4F71-8E6A-B4209984F7FF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {59AC233B-9E08-4D2B-8DE6-02A1E52EF971} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CB9B752-3393-4C24-B9A6-F6DFAFB8ADB3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {605EF9A9-C760-4DEC-AA8A-675E7D40BA0E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {63D7B820-0D00-4B44-9C28-7E21F9C1C61D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {643C5D7D-B44F-48D6-900B-0F8FE5A1FB8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {69AB15F6-25A1-449B-A97F-BEBDD5E973A9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6AFDC274-A617-425D-9BED-418041AA5FE4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6C9892EB-E3EB-4233-A977-736225B0D1F3} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {6F4672A8-F4DA-458E-B4B1-C34AB2330B8B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {71505434-5F2A-417B-84AE-2C3F4A858016} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {727BE4C2-E12C-40D2-9A03-3C9F69BBFE51} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {7B04D987-345B-499E-8184-E36DEC3135AA} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {807D3AC4-7E9F-4313-9344-6F48549F31F9} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {81314D3C-E575-4F3B-89E1-725F138638C6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8748401F-92AA-4E55-BF9C-5DDBBCF60742} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {8B1EF3D9-7D2C-4D4E-9BC7-05AA430A7C97} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {935BFFC1-5901-4DC1-85AD-8B33071F5C26} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {941111A3-FC9C-4300-9471-9065A2BD0E52} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {979EABFE-31A3-4A44-B5DD-C66EBE14345D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9ABC0D51-DB47-4C3C-98DD-4084ABE849FE} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9B1DBA2F-29A9-43C0-959F-0375F361F263} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {9D28838D-4833-4678-A306-6BFDEF6D6E6C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A173DE5B-650D-48FE-825F-A6CE511531C1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A2B30204-DE27-4ACD-B761-74F1B8322942} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {A336A7B8-0F0B-4873-A9E5-7CA498E6AA46} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {AB93C9BC-3F54-47DE-832B-A0C69975653B} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {B0A1B3A1-743D-4483-84D0-1B0C1EE21369} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAB3CC8C-2FCF-45FF-B891-D6479E27B06F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {BAE5A034-BD23-4B08-8898-671D03F6017F} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C2038299-F25E-47B3-9DDE-25CEE7B79EF4} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C463D164-1419-4D3E-80AB-619C9D2A422C} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {C6933281-5044-4F85-8639-8C96F8F0DB2D} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {c8533473-c4a2-427d-a759-39a28681378b} - C:\WINDOWS\system32\dvjgmduw.dll
O2 - BHO: (no name) - {CD0F1596-EF2C-41F7-BA15-0142709479AB} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {D300EFF8-3521-4D6E-8BDA-3565111540CF} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {DA6B89EA-9506-429F-BE6E-E6C207E7D4BD} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {E05258CA-1946-FD34-0D5C-B042E7E44918} - C:\Documents and Settings\sandra\Application Data\Delete Love\View Hide.exe (file missing)
O2 - BHO: (no name) - {E769406E-1546-4FC2-82C6-860E254C9609} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EAFAA5E4-3C64-4FDA-B133-0F26F78BD3D6} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EDF3CF91-BA5F-41D7-B9DE-E3A75AA91BE1} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EE707E49-9E5B-4D98-B69B-0E983ACE35A5} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {EF8610F0-89AF-426C-8580-44B32118294E} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O2 - BHO: (no name) - {F8EDFD57-08C7-49BF-B7A4-56CE988F2E95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FC768992-8482-48B4-BBEA-748A8135BA67} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FD2065FF-AD7D-4F83-8CEC-317C39ADBD95} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FF249839-4EF5-44F1-8C84-6A8F67232D12} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: (no name) - {FFD3E436-E3E0-4B96-836E-7C968994698A} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mljjh - mljjh.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Scan saved at 4:18:47 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
==
Please see PROCEDURE 4 on this site and follow the instructions. Reboot and then follow the instructions below.
==========
Go to Add/Remove programs in Control Panel and look for the following
Date Manager << Contains Gain adware
GMT << Gator spyware component, see here
Gain
If found, please uninstall.
==========
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
- Close ALL open windows
Click Fix Checked
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe - Contains Gain adware
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe - Gator spyware component, see here
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
==========
View hidden files and folders – explained here
==========
Find and Delete the following:
C:\Program Files\Date Manager << this folder
C:\Program Files\Common Files\GMT\GMT.exe << this file
C:\WINDOWS\svcproc.exe << this file
===========
Reboot and post a new HJT log
(Some of the files you told me to delete weren't even there *yes, I did the hidden files thing as well, but they still weren't there*)
Could that be a problem?
Logfile of HijackThis v1.99.1
Scan saved at 6:05:47 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
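An added example, not part of any post in this thread and not HijackThis code: a small script that checks a follow-up log against the fix list, reporting which checked entries are still listed and what has appeared since the previous scan. The sample strings are shortened excerpts of this thread's entries with the helper's annotations stripped; the function names and the report keys are assumptions made for the example.

```python
import re

# HijackThis prefixes each finding with a section code (R0, O4, O23, ...).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Shortened excerpts of this thread's logs; helper annotations stripped.
FIX_LIST = r"""
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""
BEFORE = FIX_LIST + r"""
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
"""
AFTER = r"""
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

def parse(log_text):
    """Return the set of (section, detail) findings in a HijackThis log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines carry no section code
            found.add((m.group(1), m.group(2).strip()))
    return found

def review(fix_list, before, after):
    """Compare the follow-up log with the fix list and the earlier log."""
    fixed, old, new = parse(fix_list), parse(before), parse(after)
    return {
        "still_present": sorted(fixed & new),          # fix did not take
        "removed": sorted(fixed - new),                # fix took
        "new_since_last_scan": sorted(new - old),      # needs a fresh look
        "no_longer_listed": sorted(old - new - fixed), # gone without a fix
        "file_missing": sorted(e for e in new if e[1].endswith("(file missing)")),
    }

if __name__ == "__main__":
    for label, entries in review(FIX_LIST, BEFORE, AFTER).items():
        print(label)
        for code, detail in entries:
            print(f"  {code} - {detail}")
```

On these excerpts the orphaned SvcProc service entry is the one checked item that survives, which matches the user's report that the file itself was never on disk.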
Could you post a new HJT log please?
No problem if you couldn't find the files. They may not be there.