Tech Support Forum - View Single Post

Padders · 10-16-2005, 07:27 AM

Results from logs are as follows:

HiJackThis log -

Logfile of HijackThis v1.99.1
Scan saved at 11:12:57 PM, on 16/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hijackthis\Ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\KMaestro\Key_e.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\KMaestro\WTS_KEY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://redirect.aol7.com.au/cgi-bin/..._searchsidebar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aol7.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL|7
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL|7 Bar - {80DAB143-0FD4-4758-8DD8-F131515F524A} - C:\PROGRA~1\AOL7\Toolbar\AOLTOO~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [735c2ivf] C:\WINDOWS\System32\735c2ivf.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [imuf] C:\PROGRA~1\COMMON~1\imuf\imufm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://aol7.com.au/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120487972437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\hijackthis\Ewido\security suite\ewidoctrl.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Online Scan -

Incident Status Location

Adware:adware/superspider No disinfected C:\WINDOWS\SYSTEM32\a.exe
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\conscorr.inf
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall6_90.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\satmat.ini
Adware:adware/savenow No disinfected C:\PROGRAM FILES\VVSN
Adware:adware/cws No disinfected C:\Documents and Settings\Anna\Favorites\Going Places
Adware:adware/wupd No disinfected Windows Registry
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\imuf\imufd\imufc.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\satmat.inf
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_90.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\a.exe

Ewido -

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:51:44 PM, 16/10/2005
+ Report-Checksum: 9CE5B95E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\PrevAdX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrevAdX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrevAdX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
[432] C:\Program Files\NewDotNet\newdotnet6_90.dll -> Spyware.NewDotNet : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Common Files\imuf\imufl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\imuf\imufp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Kazaa Lite\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet6_90.dll -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\qidkwn.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup

::Report End

Trend's Antispyware log -

Started Scanning
Internet Cookies
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\New.net'
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Uninstall\New.net'
Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}'
Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'Software\Kazaa'
Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink'
Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink.1'
Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID'
Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink\CLSID'
Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink\CurVer'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\New.net'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}'
Found '' in 'SOFTWARE\TSA'
Found '' in 'SOFTWARE\TSA\update'
Found '' in 'SOFTWARE\ScreenSaver.com\Relevant Knowledge'
Found 'Location' in 'SOFTWARE\Magnet'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'ScanFolder' in 'Software\Kazaa\Advanced'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\Search'
Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DdeApplication' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'DdeTopic' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'AutoConnected' in 'Software\Kazaa\UserDetails'
Found 'Description' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter'
Found 'SkinsDir' in 'Software\Kazaa\Skins'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found 'kt' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'ShellExecute' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'http' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:kzhash' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:topsearch' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found 'New.net Startup' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found 'satmat' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Internet URL Shortcuts
Files and Directories
Found 'np.tmp' in 'C:\Documents and Settings\All Users\Application Data\Kazaa\db'
Found 'np.tmp' in 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db'
Found 'winmx353.exe' in 'C:\Documents and Settings\Anna\My Documents\Applications'
Found '' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX'
Found 'winmx353.exe' in 'C:\Documents and Settings\Bill\Desktop'
Found 'class-barrel' in 'C:\Program Files\Common Files\imuf\imufd'
Found 'imufc.dll' in 'C:\Program Files\Common Files\imuf\imufd'
Found 'vocabulary' in 'C:\Program Files\Common Files\imuf\imufd'
Found '' in 'C:\Program Files\VVSN'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'conscorr.inf' in 'C:\WINDOWS\inf'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp'
Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp'
Checking for 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe' in startup areas.
Cleaning 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe'
Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Documents and Settings\Bill\Desktop\winmx353.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\Bill\Desktop\winmx353.exe' in startup areas.
Cleaning 'C:\Documents and Settings\Bill\Desktop\winmx353.exe'
Checking for 'C:\Program Files\Common Files\imuf\imufd\class-barrel' in shortcut areas.
Checking for 'C:\Program Files\Common Files\imuf\imufd\class-barrel' in startup areas.
Cleaning 'C:\Program Files\Common Files\imuf\imufd\class-barrel'
Checking for 'C:\Program Files\Common Files\imuf\imufd\imufc.dll' in shortcut areas.
Checking for 'C:\Program Files\Common Files\imuf\imufd\imufc.dll' in startup areas.
Cleaning 'C:\Program Files\Common Files\imuf\imufd\imufc.dll'
Checking for 'C:\Program Files\Common Files\imuf\imufd\vocabulary' in shortcut areas.
Checking for 'C:\Program Files\Common Files\imuf\imufd\vocabulary' in startup areas.
Cleaning 'C:\Program Files\Common Files\imuf\imufd\vocabulary'
Checking for 'C:\Program Files\VVSN' in shortcut areas.
Checking for 'C:\Program Files\VVSN' in startup areas.
Cleaning 'C:\Program Files\VVSN'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Desktop\Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Desktop\Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\Anna\Desktop\Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\inf\conscorr.inf' in shortcut areas.
Checking for 'C:\WINDOWS\inf\conscorr.inf' in startup areas.
Cleaning 'C:\WINDOWS\inf\conscorr.inf'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

Processes and Problems Encountered

* Didn't need to run LSPFix

* I didn't complete the following step

Click Start->Run - type SERVICES.MSC & then click on the OK button

1. Locate the service - System Startup Service (SvcProc)
2. Double-click on it to open the Properties dialog.
* Under the General tab, note down the name of "Service name". We shall need it later.
* Stop the service by using the Stop button.
* Change the Startup type to Disabled & then click on the OK button
3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
4. In the popup box that appears, type in "Service name" & then click on the OK button

As 'System Startup Service' couldn't be located.

* Some of the things listed to be deleted in HiJackThis weren't there when I went to fix them. As in, F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe wasn't listed in the scan anymore. I'll list them if necessary, though I don't think it is?

* When using KillBox.exe nothing would paste when I used copy/paste from clipboard so I copy/pasted individually and then hit the x button. Hope this wasn't the wrong thing to do.

Computer Behaviour -

So far no pop-ups like I was getting. My dad still can't run PowerDVD correctly but this may be an unrelated issue. I think things are running better.

10-16-2005, 07:27 AM	#4 (permalink)
Padders Registered User Join Date: Oct 2005 Posts: 5 OS: WinXP	Results from logs are as follows: HiJackThis log - Logfile of HijackThis v1.99.1 Scan saved at 11:12:57 PM, on 16/10/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\hijackthis\Ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\KMaestro\Key_e.EXE C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe C:\KMaestro\WTS_KEY.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://redirect.aol7.com.au/cgi-bin/..._searchsidebar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aol7.com.au/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL\|7 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: AOL\|7 Bar - {80DAB143-0FD4-4758-8DD8-F131515F524A} - C:\PROGRA~1\AOL7\Toolbar\AOLTOO~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [735c2ivf] C:\WINDOWS\System32\735c2ivf.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [imuf] C:\PROGRA~1\COMMON~1\imuf\imufm.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://aol7.com.au/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120487972437 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: ewido security suite control - ewido networks - C:\hijackthis\Ewido\security suite\ewidoctrl.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe Online Scan - Incident Status Location Adware:adware/superspider No disinfected C:\WINDOWS\SYSTEM32\a.exe Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\conscorr.inf Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall6_90.exe Adware:adware/twain-tech No disinfected C:\WINDOWS\satmat.ini Adware:adware/savenow No disinfected C:\PROGRAM FILES\VVSN Adware:adware/cws No disinfected C:\Documents and Settings\Anna\Favorites\Going Places Adware:adware/wupd No disinfected Windows Registry Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\imuf\imufd\imufc.dll Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\satmat.inf Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_90.exe Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\a.exe Ewido - --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 6:51:44 PM, 16/10/2005 + Report-Checksum: 9CE5B95E + Scan result: HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib\\ -> Spyware.NewDotNet : Cleaned with backup HKLM\SOFTWARE\Classes\PrevAdX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrevAdX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrevAdX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup [432] C:\Program Files\NewDotNet\newdotnet6_90.dll -> Spyware.NewDotNet : Cleaned with backup :mozilla.9:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.12:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup :mozilla.13:C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\uv9ruen4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup C:\Program Files\Common Files\imuf\imufl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup C:\Program Files\Common Files\imuf\imufp.exe -> Spyware.Xupiter : Cleaned with backup C:\Program Files\Kazaa Lite\TopSearch.dll -> Spyware.Altnet : Cleaned with backup C:\Program Files\NewDotNet\newdotnet6_90.dll -> Spyware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup C:\WINDOWS\qidkwn.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup ::Report End Trend's Antispyware log - Started Scanning Internet Cookies Found 'dist.belnk.com' in 'Internet Explorer Cache' Found 'a.websponsors.com' in 'Internet Explorer Cache' Found 'offeroptimizer.com' in 'Internet Explorer Cache' Found 'belnk.com' in 'Internet Explorer Cache' Found 'com.com' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'azjmp.com' in 'Internet Explorer Cache' Found 'a.websponsors.com' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'ad.yieldmanager.com' in 'Internet Explorer Cache' Found 'insightexpressai.com' in 'Internet Explorer Cache' Found 'cliks.org' in 'Internet Explorer Cache' Found 'atwola.com' in 'Internet Explorer Cache' Found 'abetterinternet.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Found '' in 'SOFTWARE\New.net' Found '' in 'SOFTWARE\LimeWire' Found '' in 'Software\Kazaa' Found '' in 'Software\Kazaa\ResultsFilter' Found '' in 'Software\Kazaa\Transfer' Found '' in 'Software\KaZaA\ConnectionInfo' Found '' in 'Software\Microsoft\Windows\CurrentVersion\Uninstall\New.net' Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}' Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32' Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID' Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib' Found '' in 'SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID' Found '' in 'SOFTWARE\Classes\ed2k' Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon' Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command' Found '' in 'Software\Kazaa' Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink' Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink.1' Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID' Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink\CLSID' Found '' in 'SOFTWARE\Classes\Tldctl2.URLLink\CurVer' Found '' in 'Software\Kazaa\Advanced' Found '' in 'Software\Kazaa\InstantMessaging' Found '' in 'Software\Kazaa\LocalContent' Found '' in 'Software\Kazaa\Skins' Found '' in 'Software\Kazaa\UserDetails' Found '' in 'SOFTWARE\Kazaa\Bandwidth\in' Found '' in 'SOFTWARE\Kazaa\Bandwidth\out' Found '' in 'SOFTWARE\New.net' Found '' in 'SOFTWARE\Magnet' Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type' Found '' in 'SOFTWARE\Classes\magnet' Found '' in 'SOFTWARE\Classes\magnet\shell\open\command' Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}' Found '' in 'SOFTWARE\TSA' Found '' in 'SOFTWARE\TSA\update' Found '' in 'SOFTWARE\ScreenSaver.com\Relevant Knowledge' Found 'Location' in 'SOFTWARE\Magnet' Found 'URL Protocol' in 'SOFTWARE\Classes\magnet' Found 'LastSearchHash' in 'Software\Kazaa' Found 'ScanFolder' in 'Software\Kazaa\Advanced' Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging' Found '' in 'Software\Kazaa\Search' Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter' Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer' Found 'CacheHost' in 'Software\Kazaa\Transfer' Found 'CachePort' in 'Software\Kazaa\Transfer' Found 'CountryCode' in 'Software\Kazaa\UserDetails' Found 'DdeApplication' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found 'DdeTopic' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found 'DlDir0' in 'Software\Kazaa\Transfer' Found 'AutoConnected' in 'Software\Kazaa\UserDetails' Found 'Description' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter' Found 'SkinsDir' in 'Software\Kazaa\Skins' Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer' Found 'UserName' in 'Software\Kazaa\UserDetails' Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo' Found 'kt' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found 'ShellExecute' in 'SOFTWARE\Magnet\Handlers\Kazaa' Found 'http' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type' Found 'urn:kzhash' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type' Found 'urn:topsearch' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type' Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' Found 'New.net Startup' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX' Found 'satmat' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' Internet URL Shortcuts Files and Directories Found 'np.tmp' in 'C:\Documents and Settings\All Users\Application Data\Kazaa\db' Found 'np.tmp' in 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db' Found 'winmx353.exe' in 'C:\Documents and Settings\Anna\My Documents\Applications' Found '' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' Found 'winmx353.exe' in 'C:\Documents and Settings\Bill\Desktop' Found 'class-barrel' in 'C:\Program Files\Common Files\imuf\imufd' Found 'imufc.dll' in 'C:\Program Files\Common Files\imuf\imufd' Found 'vocabulary' in 'C:\Program Files\Common Files\imuf\imufd' Found '' in 'C:\Program Files\VVSN' Found '' in 'C:\Program Files\WinMX' Found 'errcatch.exe' in 'C:\Program Files\WinMX' Found 'uninstall.exe' in 'C:\Program Files\WinMX' Found 'WinMX.exe' in 'C:\Program Files\WinMX' Found 'conscorr.inf' in 'C:\WINDOWS\inf' Finished Scanning Started Backup Finished Backup Started Cleaning Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp' in shortcut areas. Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp' in startup areas. Cleaning 'C:\Documents and Settings\All Users\Application Data\Kazaa\db\np.tmp' Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp' in shortcut areas. Checking for 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp' in startup areas. Cleaning 'C:\Documents and Settings\All Users\Application Data\Kazaa Lite\db\np.tmp' Checking for 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe' in shortcut areas. Checking for 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe' in startup areas. Cleaning 'C:\Documents and Settings\Anna\My Documents\Applications\winmx353.exe' Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' in shortcut areas. Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' in startup areas. Cleaning 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX' Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas. Checking for 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas. Cleaning 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' Checking for 'C:\Documents and Settings\Bill\Desktop\winmx353.exe' in shortcut areas. Checking for 'C:\Documents and Settings\Bill\Desktop\winmx353.exe' in startup areas. Cleaning 'C:\Documents and Settings\Bill\Desktop\winmx353.exe' Checking for 'C:\Program Files\Common Files\imuf\imufd\class-barrel' in shortcut areas. Checking for 'C:\Program Files\Common Files\imuf\imufd\class-barrel' in startup areas. Cleaning 'C:\Program Files\Common Files\imuf\imufd\class-barrel' Checking for 'C:\Program Files\Common Files\imuf\imufd\imufc.dll' in shortcut areas. Checking for 'C:\Program Files\Common Files\imuf\imufd\imufc.dll' in startup areas. Cleaning 'C:\Program Files\Common Files\imuf\imufd\imufc.dll' Checking for 'C:\Program Files\Common Files\imuf\imufd\vocabulary' in shortcut areas. Checking for 'C:\Program Files\Common Files\imuf\imufd\vocabulary' in startup areas. Cleaning 'C:\Program Files\Common Files\imuf\imufd\vocabulary' Checking for 'C:\Program Files\VVSN' in shortcut areas. Checking for 'C:\Program Files\VVSN' in startup areas. Cleaning 'C:\Program Files\VVSN' Checking for 'C:\Program Files\WinMX' in shortcut areas. Checking for 'C:\Program Files\WinMX' in startup areas. Cleaning 'C:\Program Files\WinMX' Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\colors.dat' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\library.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\library.dat' Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\license.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\license.txt' Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\settings.dat' Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\' Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Desktop\Shortcuts\' [SCANMODS] The file 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' [SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' [SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\' Found 'WinMX.lnk' in 'C:\Documents and Settings\Anna\Desktop\Shortcuts\' [SCANMODS] The file 'C:\Documents and Settings\Anna\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. [SCANMODS] The file 'C:\Documents and Settings\Anna\Desktop\Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' [SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\WINDOWS\inf\conscorr.inf' in shortcut areas. Checking for 'C:\WINDOWS\inf\conscorr.inf' in startup areas. Cleaning 'C:\WINDOWS\inf\conscorr.inf' Finished Cleaning Started Scanning Internet Cookies Found 'dist.belnk.com' in 'Internet Explorer Cache' Found 'a.websponsors.com' in 'Internet Explorer Cache' Found 'offeroptimizer.com' in 'Internet Explorer Cache' Found 'belnk.com' in 'Internet Explorer Cache' Found 'com.com' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'azjmp.com' in 'Internet Explorer Cache' Found 'a.websponsors.com' in 'Internet Explorer Cache' Found 'btg.btgrab.com' in 'Internet Explorer Cache' Found 'ad.yieldmanager.com' in 'Internet Explorer Cache' Found 'insightexpressai.com' in 'Internet Explorer Cache' Found 'cliks.org' in 'Internet Explorer Cache' Found 'atwola.com' in 'Internet Explorer Cache' Found 'abetterinternet.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Finished Backup Started Cleaning Finished Cleaning Processes and Problems Encountered * Didn't need to run LSPFix * I didn't complete the following step Click Start->Run - type SERVICES.MSC & then click on the OK button 1. Locate the service - System Startup Service (SvcProc) 2. Double-click on it to open the Properties dialog. * Under the General tab, note down the name of "Service name". We shall need it later. * Stop the service by using the Stop button. * Change the Startup type to Disabled & then click on the OK button 3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... 4. In the popup box that appears, type in "Service name" & then click on the OK button As 'System Startup Service' couldn't be located. * Some of the things listed to be deleted in HiJackThis weren't there when I went to fix them. As in, F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe wasn't listed in the scan anymore. I'll list them if necessary, though I don't think it is? * When using KillBox.exe nothing would paste when I used copy/paste from clipboard so I copy/pasted individually and then hit the x button. Hope this wasn't the wrong thing to do. Computer Behaviour - So far no pop-ups like I was getting. My dad still can't run PowerDVD correctly but this may be an unrelated issue. I think things are running better. Last edited by Padders; 10-16-2005 at 07:30 AM.