Problem : Ads 234 Removal....help!
:bawling: :bawling:
Hello,
This problem really irritates me!!! Every time I open up an IE window, Ads 234 hijacks the home page. Here is my HijackThis log.
Logfile of HijackThis v1.99.0
Scan saved at 10:59:44 PM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SV00LSV.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Save\Save.exe
C:\documents and settings\christy\local settings\temp\3vHNXS.exe
C:\documents and settings\christy\local settings\temp\2aH.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
C:\WINDOWS\system32\KAVFP.EXE
C:\Program Files\Common Files\KingSoft\KSG\client.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClockSync\Sync.exe
C:\Documents and Settings\Christy\Application Data\acwu.exe
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Kingsoft\FASTAI~1\KTEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lоgonui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Christy\LOCALS~1\Temp\Rar$EX00.362\HijackThis.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\SV00LSV.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\3???BT????èí?t\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: (no name) - {39F91327-E716-2AC1-D504-115505F17310} - C:\WINDOWS\system32\swkzjhaa.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Christy\Local Settings\Temp\ZR2p5kkcq.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3vHNXS] C:\documents and settings\christy\local settings\temp\3vHNXS.exe
O4 - HKLM\..\Run: [2aH] C:\documents and settings\christy\local settings\temp\2aH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\Run: [KAVFP] KAVFP.EXE
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\KingSoft\KSG\client.exe
O4 - HKLM\..\RunServices: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Wvladqf] C:\WINDOWS\system32\l§àgonui.exe
O4 - HKCU\..\Run: [Twrc] C:\Documents and Settings\Christy\Application Data\acwu.exe
O4 - HKCU\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - Startup: ?eé?′ê°? 2005.lnk
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://c:\3???BT????èí?t\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: use FlashGet to download - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: use FlashGet to download all the link - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ???¢óê??í¨ - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1094695107296
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
###################
Spyware Doctor Activity Report
Generated on 12/21/2004 8:52:15 AM
Scans (basic information only):
Scan Results:
scan start: 12/21/2004 8:52:23 AM
scan stop: 12/21/2004 9:00:12 AM
scanned items: 152854
found items: 290
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
eZula multiple Medium
Grokster multiple Medium
SaveNow multiple Medium
WhenU multiple Medium
ClockSync Sync.exe (C:\Program Files\ClockSync\Sync.exe) Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
Cydoor flashget.exe (C:\WINDOWS\system32\CD_Clint.dll) Medium
ClickSpring HKCR\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} Medium
ClickSpring HKCR\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} Medium
ClickSpring HKCR\TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D} Medium
ClickSpring HKLM\Software\ClickSpring Medium
ClickSpring HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Medium
ClockSync HKLM\software\microsoft\windows\currentversion\uninstall\clocksync Medium
ClockSync HKCU\software\microsoft\windows\currentversion\run##clocksync Medium
CnsMin HKCU\Software\3721 Medium
CnsMin HKLM\Software\3721 Medium
Cydoor HKCU\Software\Cydoor Medium
Cydoor HKLM\Software\Cydoor Medium
eZula HKCR\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKCR\appid\ezulabootexe.exe Medium
eZula HKCR\clsid\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} Medium
eZula HKCR\ezulabootexe.installctrl Medium
eZula HKCR\ezulabootexe.installctrl.1 Medium
eZula HKCR\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\appid\ezulabootexe.exe Medium
eZula HKLM\software\classes\ezulabootexe.installctrl Medium
eZula HKLM\software\classes\ezulabootexe.installctrl.1 Medium
eZula HKLM\software\classes\ezulabootexe.installctrl\clsid Medium
eZula HKLM\software\classes\ezulabootexe.installctrl\curver Medium
eZula HKLM\software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKCR\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be} Medium
FlashGet HKCR\.jcd Elevated
FlashGet HKCR\clsid\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCR\clsid\{E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCR\clsid\{FB5DA722-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\clsid\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\Fgiebar.FgInfoBand Elevated
FlashGet HKCR\Fgiebar.FgInfoBand.1 Elevated
FlashGet HKCR\FlashGet.Document Elevated
FlashGet HKCR\Interface\{A5366672-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCR\Interface\{E0E899AA-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCR\Interface\{FB5DA723-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\Jccatch.IeCatch2 Elevated
FlashGet HKCR\Jccatch.IeCatch2.1 Elevated
FlashGet HKCR\JetCar.IeCatch Elevated
FlashGet HKCR\JetCar.IeCatch.1 Elevated
FlashGet HKCR\JetCar.Netscape Elevated
FlashGet HKCR\JetCar.Netscape.1 Elevated
FlashGet HKCR\TypeLib\{79DE8D41-161C-11D3-8B9B-DF77640BA112} Elevated
FlashGet HKCR\TypeLib\{E0E8999E-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\Stilesoft Elevated
FlashGet HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} Elevated
FlashGet HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##ftp##JetCar.Netscape Elevated
FlashGet HKLM\software\microsoft\internet explorer\toolbar##{E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashGet(JetCar) Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##http##JetCar.Netscape Elevated
IEPlugin HKCR\clsid\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
IEPlugin HKCR\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} Medium
IEPlugin HKCR\TypeLib\{ECB25A48-E6E0-49AF-99AF-07C763E31389} Medium
IEPlugin HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
MediaTicket HKCR\clsid\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
PcPowerscan HKCR\TypeLib\{1BCD446E-7095-11D0-9C4E-00AA00BDD685} Low
PurityScan HKCU\software\purityscan Medium
Searchforit.com HKCU\Software\WhenU Elevated
Searchforit.com HKCU\Software\Microsoft\Windows\CurrentVersion\Run##ClockSync Elevated
Searchforit.com HKCR\AppID\eZulaBootExe.EXE Elevated
Searchforit.com HKCR\EZulaBootExe.InstallCtrl Elevated
Searchforit.com HKCR\EZulaBootExe.InstallCtrl.1 Elevated
Searchforit.com HKLM\SOFTWARE\WhenUSave Elevated
WhenU HKCR\WUSN.1 Medium
WhenU HKLM\SOFTWARE\WhenUSave Medium
WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##WhenUSave Medium
WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClockSync Medium
WhenU HKLM\SOFTWARE\WhenUSave\Partners Medium
WhenU HKCU\Software\Microsoft\Windows\CurrentVersion\Run##ClockSync Medium
Winpage Blocker HKCR\clsid\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
Winpage Blocker HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
Zango Search Assistant HKCR\CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Zango Search Assistant HKCR\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 Elevated
Zango Search Assistant HKLM\SOFTWARE\ClickSpring Elevated
Zango Search Assistant HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Zango Search Assistant HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx Elevated
ClickSpring {9EB320CE-BE1D-4304-A081-4B4665414BEF} Medium
eZula {C03351A4-6755-11D4-8A73-0050DA2EE1BE} Medium
FlashGet {A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet {E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} Elevated
IEPlugin {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
MediaTicket {9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Winpage Blocker {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
FlashGet C:\Documents and Settings\Christy\Desktop\FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\Documentation.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\License.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\Uninstall FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\What's New.lnk Elevated
CnsMin C:\Program Files\3721\autolive.dll Medium
CnsMin C:\Program Files\3721\Helper.dll Medium
ClockSync C:\Program Files\clocksync\Sync.exe Medium
WhenU C:\Program Files\ClockSync\Sync.exe Medium
ClockSync C:\Program Files\clocksync\Uninst.exe Medium
WhenU C:\Program Files\ClockSync\Uninst.exe Medium
FlashGet C:\Program Files\FlashGet\INSTALL.LOG Elevated
FlashGet C:\Program Files\FlashGet\language\jcchs.ini Elevated
FlashGet C:\Program Files\FlashGet\language\jccht.ini Elevated
FlashGet C:\Program Files\FlashGet\language\jceng.ini Elevated
PurityScan C:\Program Files\purityscan\PurityScan.exe Medium
PowerSearch C:\Program Files\Save\ReadMe.txt Medium
WhenU C:\Program Files\Save\save.db Medium
OnlDial/MaConnect C:\Program Files\Save\save.db Medium
PowerSearch C:\Program Files\Save\save.db Medium
WhenU C:\Program Files\Save\Save.exe Medium
PowerSearch C:\Program Files\Save\Save.exe Medium
PowerSearch C:\Program Files\Save\save.htm Medium
WhenU C:\Program Files\Save\save.htm Medium
WhenU C:\Program Files\Save\SaveUninst.exe Medium
PowerSearch C:\Program Files\Save\SaveUninst.exe Medium
PowerSearch C:\Program Files\Save\store.db Medium
ClickSpring C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Medium
Zango Search Assistant C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Elevated
ClickSpring C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx Medium
Zango Search Assistant C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx Elevated
Cydoor C:\WINDOWS\system32\CD_CLINT.DLL Medium
FlashGet C:\Program Files\FlashGet\Skin\ImageBk.ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\XP_Luna.ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\XP_Luna(Gradient).ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\Sky(Gradient).ini Elevated
FlashGet C:\Program Files\FlashGet\Normal.jcs Elevated
FlashGet C:\Program Files\FlashGet\Skin\Normal.ini Elevated
FlashGet C:\Program Files\FlashGet\flashget.exe.manifest Elevated
FlashGet C:\Program Files\FlashGet\jc_all.htm Elevated
FlashGet C:\Program Files\FlashGet\Table.jcs Elevated
FlashGet C:\Program Files\FlashGet\mymirror.lst Elevated
FlashGet C:\Program Files\FlashGet\unreg.inf Elevated
FlashGet C:\Program Files\FlashGet\Skin\Leftback.jpg Elevated
FlashGet C:\Program Files\FlashGet\Skin\logo_bg.gif Elevated
FlashGet C:\Program Files\FlashGet\jc_link.htm Elevated
FlashGet C:\Program Files\FlashGet\License.txt Elevated
FlashGet C:\Program Files\FlashGet\sounds\error.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\all_done.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\done.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\added.wav Elevated
FlashGet C:\Program Files\FlashGet\mirrors.lst Elevated
FlashGet C:\Program Files\FlashGet\Skin\TestBk.jpg Elevated
FlashGet C:\Program Files\FlashGet\fgiebar.dll Elevated
FlashGet C:\Program Files\FlashGet\UNWISE.EXE Elevated
MediaTicket C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Elevated
##### The above log is what I get from Spyware Doctor after I scan my computer. I hope it is helpful for you to help me solve my problem!!!
Thank you very much for helping me!!!
O8 - Extra context menu item: use FlashGet to download all the link - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ???¢óê??í¨ - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1094695107296
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
###################
Spyware Doctor Activity Report
Generated on 12/21/2004 8:52:15 AM
Scans (basic information only):
Scan Results:
scan start: 12/21/2004 8:52:23 AM
scan stop: 12/21/2004 9:00:12 AM
scanned items: 152854
found items: 290
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
eZula multiple Medium
Grokster multiple Medium
SaveNow multiple Medium
WhenU multiple Medium
ClockSync Sync.exe (C:\Program Files\ClockSync\Sync.exe) Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
Cydoor flashget.exe (C:\WINDOWS\system32\CD_Clint.dll) Medium
ClickSpring HKCR\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} Medium
ClickSpring HKCR\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} Medium
ClickSpring HKCR\TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D} Medium
ClickSpring HKLM\Software\ClickSpring Medium
ClickSpring HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Medium
ClockSync HKLM\software\microsoft\windows\currentversion\uninstall\clocksync Medium
ClockSync HKCU\software\microsoft\windows\currentversion\run##clocksync Medium
CnsMin HKCU\Software\3721 Medium
CnsMin HKLM\Software\3721 Medium
Cydoor HKCU\Software\Cydoor Medium
Cydoor HKLM\Software\Cydoor Medium
eZula HKCR\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKCR\appid\ezulabootexe.exe Medium
eZula HKCR\clsid\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} Medium
eZula HKCR\ezulabootexe.installctrl Medium
eZula HKCR\ezulabootexe.installctrl.1 Medium
eZula HKCR\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\appid\ezulabootexe.exe Medium
eZula HKLM\software\classes\ezulabootexe.installctrl Medium
eZula HKLM\software\classes\ezulabootexe.installctrl.1 Medium
eZula HKLM\software\classes\ezulabootexe.installctrl\clsid Medium
eZula HKLM\software\classes\ezulabootexe.installctrl\curver Medium
eZula HKLM\software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKLM\software\classes\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be} Medium
eZula HKCR\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be} Medium
FlashGet HKCR\.jcd Elevated
FlashGet HKCR\clsid\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCR\clsid\{E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCR\clsid\{FB5DA722-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\clsid\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\Fgiebar.FgInfoBand Elevated
FlashGet HKCR\Fgiebar.FgInfoBand.1 Elevated
FlashGet HKCR\FlashGet.Document Elevated
FlashGet HKCR\Interface\{A5366672-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCR\Interface\{E0E899AA-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCR\Interface\{FB5DA723-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet HKCR\Jccatch.IeCatch2 Elevated
FlashGet HKCR\Jccatch.IeCatch2.1 Elevated
FlashGet HKCR\JetCar.IeCatch Elevated
FlashGet HKCR\JetCar.IeCatch.1 Elevated
FlashGet HKCR\JetCar.Netscape Elevated
FlashGet HKCR\JetCar.Netscape.1 Elevated
FlashGet HKCR\TypeLib\{79DE8D41-161C-11D3-8B9B-DF77640BA112} Elevated
FlashGet HKCR\TypeLib\{E0E8999E-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\Stilesoft Elevated
FlashGet HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} Elevated
FlashGet HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##ftp##JetCar.Netscape Elevated
FlashGet HKLM\software\microsoft\internet explorer\toolbar##{E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashGet(JetCar) Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##http##JetCar.Netscape Elevated
IEPlugin HKCR\clsid\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
IEPlugin HKCR\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} Medium
IEPlugin HKCR\TypeLib\{ECB25A48-E6E0-49AF-99AF-07C763E31389} Medium
IEPlugin HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
MediaTicket HKCR\clsid\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
PcPowerscan HKCR\TypeLib\{1BCD446E-7095-11D0-9C4E-00AA00BDD685} Low
PurityScan HKCU\software\purityscan Medium
Searchforit.com HKCU\Software\WhenU Elevated
Searchforit.com HKCU\Software\Microsoft\Windows\CurrentVersion\Run##ClockSync Elevated
Searchforit.com HKCR\AppID\eZulaBootExe.EXE Elevated
Searchforit.com HKCR\EZulaBootExe.InstallCtrl Elevated
Searchforit.com HKCR\EZulaBootExe.InstallCtrl.1 Elevated
Searchforit.com HKLM\SOFTWARE\WhenUSave Elevated
WhenU HKCR\WUSN.1 Medium
WhenU HKLM\SOFTWARE\WhenUSave Medium
WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##WhenUSave Medium
WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClockSync Medium
WhenU HKLM\SOFTWARE\WhenUSave\Partners Medium
WhenU HKCU\Software\Microsoft\Windows\CurrentVersion\Run##ClockSync Medium
Winpage Blocker HKCR\clsid\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
Winpage Blocker HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
Zango Search Assistant HKCR\CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Zango Search Assistant HKCR\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 Elevated
Zango Search Assistant HKLM\SOFTWARE\ClickSpring Elevated
Zango Search Assistant HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Zango Search Assistant HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx Elevated
ClickSpring {9EB320CE-BE1D-4304-A081-4B4665414BEF} Medium
eZula {C03351A4-6755-11D4-8A73-0050DA2EE1BE} Medium
FlashGet {A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet {E0E899AB-F487-11D5-8D29-0050BA6940E3} Elevated
FlashGet {FB5DA722-162B-11D3-8B9B-AA70B4B0B524} Elevated
FlashGet {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} Elevated
IEPlugin {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
MediaTicket {9EB320CE-BE1D-4304-A081-4B4665414BEF} Elevated
Winpage Blocker {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} Medium
FlashGet C:\Documents and Settings\Christy\Desktop\FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\Documentation.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\License.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\Uninstall FlashGet.lnk Elevated
FlashGet C:\Documents and Settings\Christy\Start Menu\Programs\FlashGet\What's New.lnk Elevated
CnsMin C:\Program Files\3721\autolive.dll Medium
CnsMin C:\Program Files\3721\Helper.dll Medium
ClockSync C:\Program Files\clocksync\Sync.exe Medium
WhenU C:\Program Files\ClockSync\Sync.exe Medium
ClockSync C:\Program Files\clocksync\Uninst.exe Medium
WhenU C:\Program Files\ClockSync\Uninst.exe Medium
FlashGet C:\Program Files\FlashGet\INSTALL.LOG Elevated
FlashGet C:\Program Files\FlashGet\language\jcchs.ini Elevated
FlashGet C:\Program Files\FlashGet\language\jccht.ini Elevated
FlashGet C:\Program Files\FlashGet\language\jceng.ini Elevated
PurityScan C:\Program Files\purityscan\PurityScan.exe Medium
PowerSearch C:\Program Files\Save\ReadMe.txt Medium
WhenU C:\Program Files\Save\save.db Medium
OnlDial/MaConnect C:\Program Files\Save\save.db Medium
PowerSearch C:\Program Files\Save\save.db Medium
WhenU C:\Program Files\Save\Save.exe Medium
PowerSearch C:\Program Files\Save\Save.exe Medium
PowerSearch C:\Program Files\Save\save.htm Medium
WhenU C:\Program Files\Save\save.htm Medium
WhenU C:\Program Files\Save\SaveUninst.exe Medium
PowerSearch C:\Program Files\Save\SaveUninst.exe Medium
PowerSearch C:\Program Files\Save\store.db Medium
ClickSpring C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Medium
Zango Search Assistant C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Elevated
ClickSpring C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx Medium
Zango Search Assistant C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx Elevated
Cydoor C:\WINDOWS\system32\CD_CLINT.DLL Medium
FlashGet C:\Program Files\FlashGet\Skin\ImageBk.ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\XP_Luna.ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\XP_Luna(Gradient).ini Elevated
FlashGet C:\Program Files\FlashGet\Skin\Sky(Gradient).ini Elevated
FlashGet C:\Program Files\FlashGet\Normal.jcs Elevated
FlashGet C:\Program Files\FlashGet\Skin\Normal.ini Elevated
FlashGet C:\Program Files\FlashGet\flashget.exe.manifest Elevated
FlashGet C:\Program Files\FlashGet\jc_all.htm Elevated
FlashGet C:\Program Files\FlashGet\Table.jcs Elevated
FlashGet C:\Program Files\FlashGet\mymirror.lst Elevated
FlashGet C:\Program Files\FlashGet\unreg.inf Elevated
FlashGet C:\Program Files\FlashGet\Skin\Leftback.jpg Elevated
FlashGet C:\Program Files\FlashGet\Skin\logo_bg.gif Elevated
FlashGet C:\Program Files\FlashGet\jc_link.htm Elevated
FlashGet C:\Program Files\FlashGet\License.txt Elevated
FlashGet C:\Program Files\FlashGet\sounds\error.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\all_done.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\done.wav Elevated
FlashGet C:\Program Files\FlashGet\sounds\added.wav Elevated
FlashGet C:\Program Files\FlashGet\mirrors.lst Elevated
FlashGet C:\Program Files\FlashGet\Skin\TestBk.jpg Elevated
FlashGet C:\Program Files\FlashGet\fgiebar.dll Elevated
FlashGet C:\Program Files\FlashGet\UNWISE.EXE Elevated
MediaTicket C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF Elevated
#####The above log is what I get from Spyware Doctor after I scan my computer, hope it is helpful for you to help me to solve my problem!!!
Thank you very much for helping me!!!
Comments
Post a new HJT log after the scans
Logfile of HijackThis v1.99.0
Scan saved at 1:41:36 PM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
C:\WINDOWS\system32\SV00LSV.EXE
C:\WINDOWS\system32\KAVFP.EXE
C:\Program Files\Common Files\KingSoft\KSG\client.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christy\Application Data\acwu.exe
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Kingsoft\FASTAI~1\KTEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
E:\M1\BitComet\BitComet.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\system32\с?rss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
E:\M1\Comic\File\1\hijackthis\HijackThis.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\SV00LSV.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\3???BT????èí?t\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D4A9EFFF-573E-5CEB-4A53-2BF074CE6992} - C:\WINDOWS\system32\yyaopput.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3vHNXS] C:\documents and settings\christy\local settings\temp\3vHNXS.exe
O4 - HKLM\..\Run: [2aH] C:\documents and settings\christy\local settings\temp\2aH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MiniMsgr] C:\PROGRA~1\Yahoo!\MiniMsgr\YMiniSvr.exe
O4 - HKLM\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\Run: [KAVFP] KAVFP.EXE
O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\KingSoft\KSG\client.exe
O4 - HKLM\..\RunServices: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Twrc] C:\Documents and Settings\Christy\Application Data\acwu.exe
O4 - HKCU\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Tskdfht] C:\WINDOWS\system32\§??rss.exe
O4 - Startup: ?eé?′ê°? 2005.lnk
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://c:\3???BT????èí?t\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: use FlashGet to download - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: use FlashGet to download all the links - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ???¢óê??í¨ - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094695107296
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DE519BA-1510-42E4-8639-97CB076C2302}: NameServer = 12.127.16.83,12.127.17.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: CA License Client - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O4 - HKLM\..\Run: [3vHNXS] C:\documents and settings\christy\local settings\temp\3vHNXS.exe
O4 - HKLM\..\Run: [2aH] C:\documents and settings\christy\local settings\temp\2aH.exe
O4 - HKLM\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKLM\..\Run: [KAVFP] KAVFP.EXE
O4 - HKLM\..\RunServices: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Twrc] C:\Documents and Settings\Christy\Application Data\acwu.exe
O4 - HKCU\..\Run: [SV00LSV] C:\WINDOWS\system32\SV00LSV.EXE
O4 - HKCU\..\Run: [Tskdfht] C:\WINDOWS\system32\§??rss.exe
O4 - Startup: ?eé?′ê°? 2005.lnk
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
Fix those entries then find and delete the files listed above, reboot and post a new log.