Tech Support Forum - View Single Post

frustratedIam · 05-27-2005, 09:47 AM

Incident Status Location

Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/KeenValue No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\WINDOWS\Favorites\Health
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/KeenValue No disinfected C:\Program Files\Kazaa\PerfectNavUninstall.exe
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
------------
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12.0.41, on 5/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\CDSTART.EXE
C:\WINDOWS\WINHLP32.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&LC=1009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=1009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&LC=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [MMInstall] C:\cpqdrv\dvd\setup.exe -s -SMS
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing)
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

End of KRC HijackThis Analyzer Log.
====================================================================

05-27-2005, 09:47 AM	#3 (permalink)
frustratedIam Registered User Join Date: Apr 2005 Posts: 114 OS: xp	panda scan hijack this log Incident Status Location Adware:Adware/MyWay No disinfected C:\Program Files\MyWay Adware:Adware/KeenValue No disinfected Windows Registry Adware:Adware/CWS No disinfected C:\WINDOWS\Favorites\Health Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys Adware:Adware/KeenValue No disinfected C:\Program Files\Kazaa\PerfectNavUninstall.exe Adware:Adware/MyWay No disinfected C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys ------------ ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 12.0.41, on 5/26/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: E:\CDSTART.EXE C:\WINDOWS\WINHLP32.EXE C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=1009 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&LC=1009 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=1009 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&LC=1009 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=1009 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o O4 - HKLM\..\Run: [MMInstall] C:\cpqdrv\dvd\setup.exe -s -SMS O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=1009 (file missing) O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab End of KRC HijackThis Analyzer Log. ====================================================================