Bad Virus - HJT Log
Here's my log... I got a nasty virus through AOL Instant Messenger. I see "gimmysmileysB.exe" on the list, which I know is bad, but I don't know how to get rid of it, or anything else bad... Any help would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 12:04:56 AM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Common Files\Windows\AutoIt3.exe
C:\Program Files\InetGet2\gimmysmileysB.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138605310203
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
Comments
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe
This is a temporary directory. Please make a new folder here:
C:\HJT
Place Hijack This into that folder or alternatively drag the HijackThis.exe file to your desktop. After you do this please post another log.
it... I'm assuming there is still something bad in there.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 2:26:09 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\hijack\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138605310203
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
I'm thoroughly confused... I only ran one Ad-Aware scan, and tried to fix all those. That's all I did between the two posts, so did that get rid of it?
Sorry for the long post, but I want to include everything I've done.
Here's my quarantine log from the first scan (between the two log posts), and one I just did. There is also a Search and Destroy list, which found a BargainBuddy and some others, but got rid of them all.
First AdAware Scan (429 Found)
ArchiveData(auto-quarantine- 2006-04-03 00-20-46.bckp)
Referencefile : SE1R101 27.03.2006
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent\animatino.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Owner\recent\02 - Cat Stevens - Father And Son.lnk
obj[2]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c1
obj[3]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\creative tech\creative wavestudio\settings LastDir1
obj[4]=MRU FileReference : C:\Documents and Settings\Owner\recent\11 Transatlantic Foe.lnk
obj[5]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\direct3d\mostrecentapplication name
obj[6]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[7]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\direct3d\mostrecentapplication name
obj[8]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[9]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[10]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\directinput\mostrecentapplication name
obj[11]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\directinput\mostrecentapplication id
obj[12]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\internet explorer download directory
obj[13]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\internet explorer\typedurls
obj[14]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
obj[15]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\mediaplayer\player\settings opendir
obj[16]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[17]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[18]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\microsoft management console\recent file list
obj[19]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru value
obj[20]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru value
obj[21]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\search assistant\acmru\5603
obj[22]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\search assistant\acmru\5604
obj[23]=MRU FileReference : C:\Documents and Settings\Owner\recent\Captured Footage.lnk
obj[24]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[25]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.aep
obj[26]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.asf
obj[27]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.avi
obj[28]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.BMP
obj[29]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.diz
obj[30]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[31]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[32]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[33]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ISO
obj[34]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[35]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.LOG
obj[36]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.m3u
obj[37]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.m4a
obj[38]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.MAC
obj[39]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.MOV
obj[40]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mp3
obj[41]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[42]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ppt
obj[43]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.prproj
obj[44]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.PSD
obj[45]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rar
obj[46]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rcl
obj[47]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
obj[48]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.sit
obj[49]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[50]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wal
obj[51]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wav
obj[52]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[53]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.XLS
obj[54]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[55]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[56]=MRU FileReference : C:\Documents and Settings\Owner\recent\fire.lnk
obj[57]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
obj[58]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[59]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
obj[60]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows media\wmsdk\general computername
obj[61]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\winrar\dialogedithistory\extrpath
obj[62]=MRU FileReference : C:\Documents and Settings\Owner\recent\Frame6.lnk
obj[63]=MRU FileReference : C:\Documents and Settings\Owner\recent\Frame7 (2).lnk
obj[64]=MRU FileReference : C:\Documents and Settings\Owner\recent\Frame7.lnk
obj[65]=MRU FileReference : C:\Documents and Settings\Owner\recent\Frame8 (2).lnk
obj[66]=MRU FileReference : C:\Documents and Settings\Owner\recent\Frame8.lnk
obj[67]=MRU FileReference : C:\Documents and Settings\Owner\recent\FX - Static.lnk
obj[68]=MRU FileReference : C:\Documents and Settings\Owner\recent\F_Chai.lnk
obj[69]=MRU FileReference : C:\Documents and Settings\Owner\recent\F_Potato_3.lnk
obj[70]=MRU FileReference : C:\Documents and Settings\Owner\recent\F_Punk'd.lnk
obj[71]=MRU FileReference : C:\Documents and Settings\Owner\recent\F_Punk'd_2.lnk
obj[72]=MRU FileReference : C:\Documents and Settings\Owner\recent\happybdaytart (2).lnk
obj[73]=MRU FileReference : C:\Documents and Settings\Owner\recent\happybdaytart.lnk
obj[74]=MRU FileReference : C:\Documents and Settings\Owner\recent\Help.lnk
obj[75]=MRU FileReference : C:\Documents and Settings\Owner\recent\HP First Test.lnk
obj[76]=MRU FileReference : C:\Documents and Settings\Owner\recent\hpandtesting.lnk
obj[77]=MRU FileReference : C:\Documents and Settings\Owner\recent\HPcompressed.lnk
obj[78]=MRU FileReference : C:\Documents and Settings\Owner\recent\Instructions.lnk
obj[79]=MRU FileReference : C:\Documents and Settings\Owner\recent\Jeff.lnk
obj[80]=MRU FileReference : C:\Documents and Settings\Owner\recent\jpgs.lnk
obj[81]=MRU FileReference : C:\Documents and Settings\Owner\recent\keely.lnk
obj[82]=MRU FileReference : C:\Documents and Settings\Owner\recent\Keylight.lnk
obj[83]=MRU FileReference : C:\Documents and Settings\Owner\recent\Keylight1.0v4.lnk
obj[84]=MRU FileReference : C:\Documents and Settings\Owner\recent\Keylight_Japanese.lnk
obj[85]=MRU FileReference : C:\Documents and Settings\Owner\recent\LightS.lnk
obj[86]=MRU FileReference : C:\Documents and Settings\Owner\recent\LineZer0.part3.lnk
obj[87]=MRU FileReference : C:\Documents and Settings\Owner\recent\log1.txt.lnk
obj[88]=MRU FileReference : C:\Documents and Settings\Owner\recent\Luke.lnk
obj[89]=MRU FileReference : C:\Documents and Settings\Owner\recent\magicwebpromo.lnk
obj[90]=MRU FileReference : C:\Documents and Settings\Owner\recent\managerie.lnk
obj[91]=MRU FileReference : C:\Documents and Settings\Owner\recent\Me.lnk
obj[92]=MRU FileReference : C:\Documents and Settings\Owner\recent\meal.lnk
obj[93]=MRU FileReference : C:\Documents and Settings\Owner\recent\mine.lnk
obj[94]=MRU FileReference : C:\Documents and Settings\Owner\recent\mine2.lnk
obj[95]=MRU FileReference : C:\Documents and Settings\Owner\recent\Misc.lnk
obj[96]=MRU FileReference : C:\Documents and Settings\Owner\recent\MOV's.lnk
obj[97]=MRU FileReference : C:\Documents and Settings\Owner\recent\n1312290_30134682_22.lnk
obj[98]=MRU FileReference : C:\Documents and Settings\Owner\recent\n40507271_30164124_712.lnk
obj[99]=MRU FileReference : C:\Documents and Settings\Owner\recent\n40507271_30281566_5522.lnk
obj[100]=MRU FileReference : C:\Documents and Settings\Owner\recent\n40507424_30051085_8474.lnk
obj[101]=MRU FileReference : C:\Documents and Settings\Owner\recent\n40508088_30059588_7467.lnk
obj[102]=MRU FileReference : C:\Documents and Settings\Owner\recent\NAII Cool Wave.lnk
obj[103]=MRU FileReference : C:\Documents and Settings\Owner\recent\night.lnk
obj[104]=MRU FileReference : C:\Documents and Settings\Owner\recent\night2.lnk
obj[105]=MRU FileReference : C:\Documents and Settings\Owner\recent\Passwords.lnk
obj[106]=MRU FileReference : C:\Documents and Settings\Owner\recent\Photoshop Files.lnk
obj[107]=MRU FileReference : C:\Documents and Settings\Owner\recent\Photoshop.lnk
obj[108]=MRU FileReference : C:\Documents and Settings\Owner\recent\Pictures.lnk
obj[109]=MRU FileReference : C:\Documents and Settings\Owner\recent\pimp.lnk
obj[110]=MRU FileReference : C:\Documents and Settings\Owner\recent\Pink Moon (2001).lnk
obj[111]=MRU FileReference : C:\Documents and Settings\Owner\recent\Poetry.lnk
obj[112]=MRU FileReference : C:\Documents and Settings\Owner\recent\Poker_Movie2.lnk
obj[113]=MRU FileReference : C:\Documents and Settings\Owner\recent\por tay.lnk
obj[114]=MRU FileReference : C:\Documents and Settings\Owner\recent\posting_grades_after_first_exam_and_2_quizzes.lnk
obj[115]=MRU FileReference : C:\Documents and Settings\Owner\recent\project (2).lnk
obj[116]=MRU FileReference : C:\Documents and Settings\Owner\recent\Project Files.lnk
obj[117]=MRU FileReference : C:\Documents and Settings\Owner\recent\project.lnk
obj[118]=MRU FileReference : C:\Documents and Settings\Owner\recent\psch.lnk
obj[119]=MRU FileReference : C:\Documents and Settings\Owner\recent\Quotes and Poems.lnk
obj[120]=MRU FileReference : C:\Documents and Settings\Owner\recent\Rball_Wide.lnk
obj[121]=MRU FileReference : C:\Documents and Settings\Owner\recent\Rball_Wide_24p.lnk
obj[122]=MRU FileReference : C:\Documents and Settings\Owner\recent\Rball_Wide_24p_UnComp.lnk
obj[123]=MRU FileReference : C:\Documents and Settings\Owner\recent\read this later.lnk
obj[124]=MRU FileReference : C:\Documents and Settings\Owner\recent\Reel_24P.lnk
obj[125]=MRU FileReference : C:\Documents and Settings\Owner\recent\Runner.lnk
obj[126]=MRU FileReference : C:\Documents and Settings\Owner\recent\shade-juice2.lnk
obj[127]=MRU FileReference : C:\Documents and Settings\Owner\recent\****.lnk
obj[128]=MRU FileReference : C:\Documents and Settings\Owner\recent\sigur_ros-vidrar-video.lnk
obj[129]=MRU FileReference : C:\Documents and Settings\Owner\recent\Sound FX.lnk
obj[130]=MRU FileReference : C:\Documents and Settings\Owner\recent\spanish.lnk
obj[131]=MRU FileReference : C:\Documents and Settings\Owner\recent\swim.lnk
obj[132]=MRU FileReference : C:\Documents and Settings\Owner\recent\Swim_beforematte.lnk
obj[133]=MRU FileReference : C:\Documents and Settings\Owner\recent\swim_erase.lnk
obj[134]=MRU FileReference : C:\Documents and Settings\Owner\recent\swim_erase2.lnk
obj[135]=MRU FileReference : C:\Documents and Settings\Owner\recent\switchtrailer640x360.lnk
obj[136]=MRU FileReference : C:\Documents and Settings\Owner\recent\tarts.lnk
obj[137]=MRU FileReference : C:\Documents and Settings\Owner\recent\tart_final.lnk
obj[138]=MRU FileReference : C:\Documents and Settings\Owner\recent\Taylor Walling - Fear of Heights.lnk
obj[139]=MRU FileReference : C:\Documents and Settings\Owner\recent\test1.lnk
obj[140]=MRU FileReference : C:\Documents and Settings\Owner\recent\Test1PracticeCap3&4.lnk
obj[141]=MRU FileReference : C:\Documents and Settings\Owner\recent\Test2.lnk
obj[142]=MRU FileReference : C:\Documents and Settings\Owner\recent\test3.lnk
obj[143]=MRU FileReference : C:\Documents and Settings\Owner\recent\test4.lnk
obj[144]=MRU FileReference : C:\Documents and Settings\Owner\recent\Tests.lnk
obj[145]=MRU FileReference : C:\Documents and Settings\Owner\recent\The Very Best of Cat Stevens (2005).lnk
obj[146]=MRU FileReference : C:\Documents and Settings\Owner\recent\trueend.lnk
obj[147]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unita.lnk
obj[148]=MRU FileReference : C:\Documents and Settings\Owner\recent\Valentines.lnk
obj[149]=MRU FileReference : C:\Documents and Settings\Owner\recent\vector1.lnk
obj[150]=MRU FileReference : C:\Documents and Settings\Owner\recent\whoosh1.lnk
obj[151]=MRU FileReference : C:\Documents and Settings\Owner\recent\whoosh2.lnk
obj[152]=MRU FileReference : C:\Documents and Settings\Owner\recent\yeah yeah yeahs - show your bones (2006).lnk
ADWARE.FREEPROD TOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[31]=Process : C:\Program Files\Common Files\Windows\services32.exe
obj[132]=RegValue : software\microsoft\windows\currentversion\internet settings "GlobalUserOffline"
obj[133]=Folder : C:\Program Files\Common Files\InetGet
obj[134]=Folder : C:\Program Files\Common Files\Windows
EXACTSEARCHBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[32]=Process : C:\Program Files\NaviSearch\bin\nls.exe
obj[121]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "NaviSearch"
obj[155]=File : c:\program files\navisearch\bin\nls.exe
BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[33]=Process : C:\Program Files\BullsEye Network\bin\bargains.exe
obj[34]=Regkey : adp.urlcatcher
obj[35]=Regkey : adp.urlcatcher.1
obj[36]=Regkey : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}
obj[37]=Regkey : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
obj[38]=Regkey : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
obj[39]=Regkey : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
obj[40]=Regkey : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
obj[41]=Regkey : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
obj[42]=Regkey : nls.urlcatcher
obj[43]=Regkey : nls.urlcatcher.1
obj[44]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}
obj[45]=Regkey : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
obj[54]=Regkey : software\bargains
obj[55]=RegValue : software\bargains "Binary"
obj[56]=RegValue : software\bargains "ConfigUpdateQueryUrl"
obj[57]=RegValue : software\bargains "ADDataUpdateQueryUrl"
obj[58]=RegValue : software\bargains "SoftwareUpdateQueryUrl"
obj[59]=RegValue : software\bargains "ServerName"
obj[60]=RegValue : software\bargains "ServerPath"
obj[61]=RegValue : software\bargains "SliderLegalText"
obj[62]=RegValue : software\bargains "ServerPort"
obj[63]=RegValue : software\bargains "UpdateQueryDuration"
obj[64]=RegValue : software\bargains "UpdateQueryFailedDuration"
obj[65]=RegValue : software\bargains "BuildNumber"
obj[66]=RegValue : software\bargains "AdvDelaySec"
obj[67]=RegValue : software\bargains "TrackingFileFlag"
obj[68]=RegValue : software\bargains "RestartADPDuration"
obj[69]=RegValue : software\bargains "TimeOutInterval"
obj[70]=RegValue : software\bargains "FrameUrl"
obj[71]=RegValue : software\bargains "FirstHit"
obj[72]=RegValue : software\bargains "PartnerName"
obj[73]=RegValue : software\bargains "PartnerID"
obj[74]=RegValue : software\bargains "SystemInstallTime"
obj[75]=RegValue : software\bargains "ADDataVersion"
obj[76]=RegValue : software\bargains "TempUniqueKey"
obj[77]=RegValue : software\bargains "LastADPRestart"
obj[78]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}
obj[79]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
obj[80]=Regkey : software\microsoft\windows\currentversion\uninstall\bargainbuddy
obj[81]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "UninstallString"
obj[82]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "Publisher"
obj[83]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "URLInfoAbout"
obj[84]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "DisplayVersion"
obj[85]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "DisplayIcon"
obj[86]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "NoModify"
obj[87]=RegValue : software\microsoft\windows\currentversion\uninstall\bargainbuddy "NoRepair"
obj[88]=Regkey : software\navisearch
obj[89]=RegValue : software\navisearch "Binary"
obj[90]=RegValue : software\navisearch "ConfigUpdateQueryUrl"
obj[91]=RegValue : software\navisearch "ADDataUpdateQueryUrl"
obj[92]=RegValue : software\navisearch "SoftwareUpdateQueryUrl"
obj[93]=RegValue : software\navisearch "ServerName"
obj[94]=RegValue : software\navisearch "ServerPath"
obj[95]=RegValue : software\navisearch "TrackingServerPath"
obj[96]=RegValue : software\navisearch "TrackingGIFURL"
obj[97]=RegValue : software\navisearch "ADDataVersion"
obj[98]=RegValue : software\navisearch "ServerPort"
obj[99]=RegValue : software\navisearch "UpdateQueryDuration"
obj[100]=RegValue : software\navisearch "UpdateQueryFailedDuration"
obj[101]=RegValue : software\navisearch "BuildNumber"
obj[102]=RegValue : software\navisearch "TrackingURLCount"
obj[103]=RegValue : software\navisearch "TrackingURLEnable"
obj[104]=RegValue : software\navisearch "TrackingFileFlag"
obj[105]=RegValue : software\navisearch "UseSearchAsst"
obj[106]=RegValue : software\navisearch "SearchAssistant"
obj[107]=RegValue : software\navisearch "ErrLandingURL"
obj[108]=RegValue : software\navisearch "ErrLandingQuery"
obj[109]=RegValue : software\navisearch "FirstHit"
obj[110]=RegValue : software\navisearch "PartnerID"
obj[111]=RegValue : software\navisearch "SystemInstallTime"
obj[112]=RegValue : software\navisearch "PartnerName"
obj[113]=RegValue : software\exactutil "PartnerID"
obj[114]=RegValue : software\exactutil "UtilFolder"
obj[115]=RegValue : software\exactutil "BuildNumber"
obj[116]=RegValue : software\exactutil "UninstallUrl"
obj[117]=RegValue : software\exactutil "UniqueKeyUrl"
obj[118]=RegValue : software\exactutil "FirstHitUrl"
obj[119]=RegValue : software\microsoft\windows\currentversion\run "BullsEye Network"
obj[135]=Regkey : software\exactutil
obj[136]=RegValue : software\exactutil "InstallOccurUrl"
obj[137]=RegValue : software\exactutil "AlreadyInstalledUrl"
obj[138]=RegValue : software\exactutil "ETServer"
obj[139]=RegValue : software\exactutil "NewPartnerName"
obj[140]=RegValue : software\exactutil "System"
obj[141]=RegValue : software\exactutil "CCODE"
obj[142]=Regkey : software\microsoft\windows\currentversion\uninstall\navisearch
obj[143]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "UninstallString"
obj[144]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "Publisher"
obj[145]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "DisplayVersion"
obj[146]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "URLInfoAbout"
obj[147]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "Readme"
obj[148]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "DisplayIcon"
obj[149]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "HelpLink"
obj[150]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "NoModify"
obj[151]=RegValue : software\microsoft\windows\currentversion\uninstall\navisearch "NoRepair"
obj[152]=Folder : C:\Program Files\BullsEye Network
obj[153]=Folder : C:\Program Files\NaviSearch
obj[154]=Folder : C:\Program Files\navisearch\bin
obj[156]=File : C:\WINDOWS\exdl.exe
obj[158]=File : C:\WINDOWS\system32\bbchk.exe
obj[159]=File : C:\WINDOWS\system32\exdl.exe
obj[160]=File : C:\WINDOWS\system32\exdl1.exe
obj[161]=File : C:\WINDOWS\system32\exdl2.exe
obj[162]=File : C:\WINDOWS\system32\exul.exe
obj[163]=File : C:\WINDOWS\system32\javexulm.vxd
obj[164]=File : C:\WINDOWS\system32\mqexdlm.srg
obj[165]=File : C:\WINDOWS\system32\msbe.dll
obj[166]=File : C:\WINDOWS\system32\nvms.dll
obj[167]=File : C:\Program Files\bullseye network\index.dat
obj[168]=File : C:\Program Files\bullseye network\Uninstall.exe
obj[169]=File : C:\Program Files\bullseye network\bin\adv.exe
obj[170]=File : C:\Program Files\bullseye network\bin\adx.exe
obj[171]=File : C:\Program Files\bullseye network\bin\bargains.exe
obj[172]=File : C:\Program Files\navisearch\ad.dat
obj[173]=File : C:\Program Files\navisearch\Uninstall.exe
obj[174]=File : C:\WINDOWS\system32\exclean.exe
ADWARE.DIRECTOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[46]=Regkey : .DEFAULT\software\director
obj[47]=RegValue : .DEFAULT\software\director "BaseURL"
obj[48]=RegValue : .DEFAULT\software\director "Uid"
obj[49]=RegValue : .DEFAULT\software\director "Request"
obj[50]=Regkey : S-1-5-18\software\director
obj[51]=RegValue : S-1-5-18\software\director "BaseURL"
obj[52]=RegValue : S-1-5-18\software\director "Uid"
obj[53]=RegValue : S-1-5-18\software\director "Request"
obj[175]=File : C:\Program Files\Common Files\windows\ack.html
obj[176]=File : C:\Program Files\Common Files\windows\AutoIt3.exe
obj[177]=File : C:\Program Files\Common Files\windows\mc-110-12-0000230.exe
obj[178]=File : C:\Program Files\Common Files\windows\psapi.dll
obj[179]=File : C:\Program Files\Common Files\windows\request.html
obj[180]=File : C:\Program Files\Common Files\windows\services32.exe
WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[120]=RegData : scrfile\shell\open\command ""
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[122]=IECache Entry : Cookie:owner@advertising.com/
obj[123]=IECache Entry : Cookie:owner@imrworldwide.com/cgi-bin
obj[124]=IECache Entry : Cookie:owner@questionmarket.com/
obj[125]=IECache Entry : Cookie:owner@realmedia.com/
obj[126]=IECache Entry : Cookie:owner@2o7.net/
obj[127]=IECache Entry : Cookie:owner@atdmt.com/
obj[128]=IECache Entry : Cookie:owner@tradedoubler.com/
obj[129]=IECache Entry : Cookie:owner@vdn.valuead.com/
obj[130]=IECache Entry : Cookie:owner@doubleclick.net/
obj[131]=IECache Entry : Cookie:owner@live365.com/
WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[157]=File : C:\WINDOWS\mc-110-12-0000230.exe
OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[181]=File : C:\WINDOWS\prefetch\NLS.EXE-1247113D.pf
obj[182]=File : C:\WINDOWS\prefetch\EXDL.EXE-1D0E7E58.pf
obj[183]=File : C:\WINDOWS\prefetch\EXDL1.EXE-3464A2D8.pf
obj[184]=File : C:\WINDOWS\prefetch\EXDL2.EXE-0566EB68.pf
obj[185]=File : C:\WINDOWS\prefetch\BARGAINS.EXE-2169B5D2.pf
obj[186]=File : C:\WINDOWS\prefetch\AUTOIT3.EXE-1F8003AB.pf
Second Scan (45 Found) - Done Today
ArchiveData(auto-quarantine- 2006-04-04 15-46-26.bckp)
Referencefile : SE1R102 03.04.2006
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Owner\recent\Brushes.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\Owner\recent\Captured Video.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Owner\recent\DR_Poker_2.avi.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Owner\recent\DR_Poker_4.avi.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\Owner\recent\DR_Poker_5.avi.lnk
obj[5]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\search assistant\acmru\5603
obj[6]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\search assistant\acmru\5604
obj[7]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[8]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.abr
obj[9]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.avi
obj[11]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.sit
obj[12]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[13]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[14]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\internet explorer\typedurls
obj[10]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.psd
obj[15]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\microsoft\windows media\wmsdk\general computername
obj[16]=MRU RegReference : S-1-5-21-527237240-1965331169-725345543-1003\software\winrar\dialogedithistory\extrpath
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[11]=IECache Entry : Cookie:owner@advertising.com/
obj[12]=IECache Entry : Cookie:owner@atdmt.com/
obj[13]=IECache Entry : Cookie:owner@doubleclick.net/
ADWARE.FREEPROD TOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[14]=File : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\50T2T0EP\launcher[1].exe
ADWARE.DIRECTOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[15]=File : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JOG0E6VC\drdata[1].avi
obj[16]=File : C:\System Volume Information\_restore{EE62E4F1-070C-4FB8-B959-5DF8A97A5E86}\RP161\A0012735.exe
obj[17]=File : C:\System Volume Information\_restore{EE62E4F1-070C-4FB8-B959-5DF8A97A5E86}\RP161\A0012736.exe
obj[19]=File : C:\System Volume Information\_restore{EE62E4F1-070C-4FB8-B959-5DF8A97A5E86}\RP161\A0012739.exe
WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[18]=File : C:\System Volume Information\_restore{EE62E4F1-070C-4FB8-B959-5DF8A97A5E86}\RP161\A0012737.exe
I also ran Spybot, and it got about 24 hits...
Advertising.com
Avenue A, Inc.
BFast
CoreMetrics
DoubleClick
eXact Advertising.BargainsBuddy
FastClick
HitBox
Mediaplex
Smitfraud-C.
TargetNet
ValueClick
Then 6 Windows Security Center Notifications
It was able to remove all of them.
I ran one more HijackThis log, here it is. (I made sure none of my folders are hidden, but should I be in safe mode to run this?)
Logfile of HijackThis v1.99.1
Scan saved at 4:05:57 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\Winamp.exe
C:\hijack\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138605310203
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
Thank you for your help. I hope it's gone, but I'm worried, since I never really ran anything that would have gotten rid of it.
Thanks again.
Great job!
Your log is now free of any malware that I can see. Are you having any specific problems or pop-ups?
Since I had a bunch of 'virus' scans show a virus, I didn't think removing spyware and adware would get rid of it.
Regardless, thank you for your help.