08-31-2006, 01:29 PM   #1
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


Registry Cleaner, pc slow, crashes & freezes

Hello,

I'm helping my parents with getting their computer cleaned of ad/spyware. So far it's been going ok, but I can't get rid of this pesky Registry Cleaner. I've tried uninstalling it several times with no success. The computer is slow and it sometimes crashes or freezes, but my dad just formatted it about 5 or 6 months ago, and it's using up a lot of resources too. Thanks

=============================
Logfile of HijackThis v1.99.1
Scan saved at 3:21:20 PM, on 8/31/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\AOLFIX.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\CY_BG.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\REGISTRY CLEANER TRIAL\REGCLEAN.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\CY_NI9X.EXE
C:\HIJACKTHIS 1.99.1\HIJACKTHIS 1.99.1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [AolFix] C:\windows\system\AolFix.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKLM\..\RunServices: [KPF4] c:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER TRIAL\REGCLEAN.EXE"
O4 - Startup: WALB Live Online.lnk = C:\Program Files\WALB Live Online\liveonline_2351304.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCYYYYYYYYUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/...rr-toolbar.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/game...ts/y/yt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.3.2...eaks-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.7.3.2...ldem-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.5.2...jack-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.6.5.3...igow-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.3.2...pit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.6.5.3...ider-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.2.2...lass-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.7.0.3...jack-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.6.3.3...euce-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.5.5.2...opfu-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.3.3...aces-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.2.3...oppa-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.5.3...ling-en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.3.3...oker-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.6.3.3...kers-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.6.3.3...des2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.3...ass2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.2...heel-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.6.5.3...mino-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.5.3...biz2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.3...jong-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.2.3...oker-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.3...puck-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.7.0.4...cade-en_US.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.2.3...cell-en_US.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.1.3...lots-en_US.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...r/imloader.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.2.3...eper-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.7.3.2...pool-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.3.3...ttso-en_US.cab
Iahhel is offline  

09-03-2006, 11:05 AM   #2
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Hello and welcome to TSF

You may wish to Subscribe to this thread (Thread Tools) so that you are alerted when you receive a reply.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.


------------------


DOWNLOADS

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.



-----------------


Download LSPFix.exe

We may need it later.


------------------


Please download Dr.Web CureIT

Alternate Download Site http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html


---------------------



SAFE MODE

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.


----------------------


ADD/REMOVE PROGRAMS

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

NewDotNet or New.Net
Registry Cleaner Trial



-----------------------


FIXES WITH HIJACK THIS

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (make sure you do not miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER TRIAL\REGCLEAN.EXE"
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCYYYYYYYYUS
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/rr/...rr-toolbar.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab


Please remember to close all other windows, including browsers then click Fix checked.


------------------------


FILE DELETIONS

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\NewDotNet
C:\PROGRAM FILES\REGISTRY CLEANER TRIAL


------------------------


CLEANUP!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
  • Click OK
Press the CleanUp! button to start the program. DO NOT reboot/logoff when prompted.


-------------------------


DR WEB CURE IT!
  • Double-click "drweb-cureit.exe" and click "OK" in the prompt window that opens.
  • Then click "start the express scan now". It will first make a quick scan of your system, so let it clean what it finds. When it says "done", click on the green Screwdriver/Actions tab, then Adware-Dialers-Riskware-Hacktools, use the dropdown menu and select "Delete".
  • Click on the drive(s) you want to scan.
  • A red dot * will mark the selected drive(s); then hit the green arrow in the lower right corner.
  • It will now scan your drive(s), so say YES to ALL.

Reboot into Normal mode.



--------------------------



ONLINE SCAN

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report here together with a new HiJackThis log and the log from Dr Web Cure IT!.
Hustler24 is offline
09-04-2006, 02:53 PM   #3
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


Hello Hustler24,

I did what you said and here are my logs...
---------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:36:03 PM, on 9/4/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\AOLFIX.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\CY_BG.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS 1.99.1\HIJACKTHIS 1.99.1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [AolFix] C:\windows\system\AolFix.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKLM\..\RunServices: [KPF4] c:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: WALB Live Online.lnk = C:\Program Files\WALB Live Online\liveonline_2351304.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
---------------------------
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-04, 00:26:45
Command-line: "C:\WINDOWS\TEMP\RARSFX0\CUREIT.EXE" /lng /ini:cureit_Me.ini
Operating system:Windows 98 SE x86 (Build 2222)
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crwtoday.cdb - skipped
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43351.cdb - 943 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43350.cdb - 1020 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43349.cdb - 1008 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43348.cdb - 1096 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43347.cdb - 707 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43346.cdb - 1429 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43345.cdb - 1358 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43344.cdb - 694 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43343.cdb - 1186 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43342.cdb - 744 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwrtoday.cdb - 228 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwntoday.cdb - 129 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\WINDOWS\TEMP\RARSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 138371
Key file: C:\WINDOWS\TEMP\RARSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\SYSTEM\KERNEL32.DLL
[Scan path] C:\WINDOWS\SYSTEM\MSGSRV32.EXE
[Scan path] C:\WINDOWS\SYSTEM\MPREXE.EXE
[Scan path] C:\WINDOWS\EXPLORER.EXE
[Scan path] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
[Scan path] C:\WINDOWS\SYSTEM\RNAAPP.EXE
[Scan path] C:\WINDOWS\SYSTEM\TAPISRV.EXE
[Scan path] C:\WINDOWS\DESKTOP\CUREIT.EXE
[Scan path] C:\WINDOWS\TEMP\RARSFX0\_START.EXE
[Scan path] C:\WINDOWS\TEMP\RARSFX0\CUREIT.EXE
[Scan path] C:\WINDOWS\SYSTEM\tcaudiag.exe
[Scan path] c:\windows\scanregw.exe
[Scan path] c:\windows\taskmon.exe
[Scan path] C:\WINDOWS\SYSTEM\SysTray.Exe
[Scan path] C:\WINDOWS\SYSTEM\powrprof.dll
[Scan path] C:\WINDOWS\rundll32.exe
[Scan path] C:\WINDOWS\SYSTEM\Aticwd32.exe
[Scan path] C:\WINDOWS\SYSTEM\Atitask.exe
[Scan path] C:\WINDOWS\SYSTEM\HPScanFix.exe
[Scan path] c:\windows\system\hpsysdrv.exe
[Scan path] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
[Scan path] C:\WINDOWS\SYSTEM\usbmmkbd.exe
[Scan path] C:\WINDOWS\SYSTEM\STIMON.EXE
[Scan path] C:\Program Files\DirectCD\DIRECTCD.EXE
[Scan path] C:\WINDOWS\CY_BG.EXE
[Scan path] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[Scan path] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
[Scan path] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[Scan path] c:\windows\system\wucrtupd.exe
[Scan path] c:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe
[Scan path] C:\WINDOWS\SYSTEM\mstask.exe
[Scan path] C:\Program Files\Easy Internet\ENCMONTR.EXE
[Scan path] C:\WINDOWS\SYSTEM\hidserv.exe
[Scan path] C:\windows\system\AolFix.exe
[Scan path] c:\windows\SYSTEM\KB891711\KB891711.EXE
[Scan path] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
[Scan path] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
[Scan path] C:\Program Files\Microsoft Money\System\Money Express.exe
[Scan path] C:\Program Files\WALB Live Online\liveonline_2351304.exe
[Scan path] C:\WINDOWS\SYSTEM\mstask.dll
[Scan path] C:\WINDOWS\SYSTEM\icmui.dll
[Scan path] c:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\WINDOWS\SYSTEM\rnaui.dll
[Scan path] C:\WINDOWS\SYSTEM\BROWSEUI.DLL
[Scan path] C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[Scan path] C:\WINDOWS\SYSTEM\SHDOC401.DLL
[Scan path] C:\WINDOWS\SYSTEM\CRYPTEXT.DLL
[Scan path] C:\WINDOWS\SYSTEM\THUMBVW.DLL
[Scan path] C:\WINDOWS\SYSTEM\WEBCHECK.DLL
[Scan path] C:\WINDOWS\SYSTEM\OCCACHE.DLL
[Scan path] C:\WINDOWS\SYSTEM\SHELL32.DLL
[Scan path] C:\Program Files\DirectCD\shellex.dll
[Scan path] C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
[Scan path] C:\WINDOWS\SYSTEM\SENDMAIL.DLL
[Scan path] C:\WINDOWS\SYSTEM\CDFVIEW.DLL
[Scan path] c:\windows\SYSTEM\wshext.dll
[Scan path] C:\Program Files\7-Zip\7-zip.dll
[Scan path] C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
[Scan path] C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
[Scan path] C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 60
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1693 Kb/s
Scan time: 00:00:11
-----------------------------------------------------------------------------

[Scan path] C:\
C:\WINDOWS\NDNuninstall6_90.exe is adware program Adware.NewDotNet - deleted
C:\WINDOWS\NDNuninstall6_98.exe is adware program Adware.NewDotNet - deleted
C:\WINDOWS\NDNuninstall7_22.exe is adware program Adware.NewDotNet - deleted
C:\WINDOWS\SYSTEM\Popular Screensavers.scr is adware program Adware.Msearch - deleted
C:\WINDOWS\Downloaded Program Files\Install.dll is adware program Adware.SpywareStorm - deleted
C:\Downloads\BEJ2SETUP_TRYGAMES-DM[1].EXE is adware program Adware.TryMedia - deleted
C:\HijackThis 1.99.1\backups\backup-20060904-000601-602.dll is adware program Adware.SpywareStorm - deleted
C:\HijackThis 1.99.1\backups\backup-20060904-000601-843.dll is adware program Adware.Coupons - deleted

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 78238
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 8
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 8
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 549 Kb/s
Scan time: 01:36:41
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 78298
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 8
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 8
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 552 Kb/s
Scan time: 01:36:52
---------------------------

Panda Scan report
Incident Status Location

Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_14.exe
Potentially unwanted tool:application/spywarestormer Not disinfected c:\program files\Spyware Stormer
Potentially unwanted tool:application/regclean32 Not disinfected C:\WINDOWS\Application Data\Registry Cleaner
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products
Spyware:Cookie/Casalemedia Not disinfected C:\WINDOWS\.file_store_32\main_file_cache.dat
Potentially unwanted tool:Application/SpywareStormer Not disinfected C:\Program Files\Spyware Stormer\Setup.exe[SpywareStormer.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\HijackThis 1.99.1\backups\backup-20060904-000601-362.inf
Old 09-04-2006, 04:05 PM   #4 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


SAFE MODE

Please reboot into Safe Mode as directed earlier.


------------


ADD/REMOVE PROGRAMS

Please uninstall the following programs via Add/Remove:

Spyware Stormer


-------------


FILE/FOLDER DELETIONS

Please delete the following files/folders if found:

C:\windows\NDNuninstall7_14.exe
C:\program files\Spyware Stormer
C:\WINDOWS\Application Data\Registry Cleaner

Reboot normally.


--------------


ONLINE SCAN

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post the Kaspersky log here with a new HJT log.

How is your system performing now?
Old 09-05-2006, 08:35 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


Hello,

OK, here's my HijackThis log. I know how y'all don't like attachments, but the Kaspersky online scanner didn't have a "save as text"; I could only save it as an HTML file, and when I upload it, it says "Invalid File". And my computer is doing pretty good. Although, the file "NDNuninstall7_14.exe" won't uninstall; I just can't delete it.

Logfile of HijackThis v1.99.1
Scan saved at 10:07:16 PM, on 9/5/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\AOLFIX.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\CY_BG.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS 1.99.1\HIJACKTHIS 1.99.1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [AolFix] C:\windows\system\AolFix.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKLM\..\RunServices: [KPF4] c:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: WALB Live Online.lnk = C:\Program Files\WALB Live Online\liveonline_2351304.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.3.3...mino-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.7.3.3...ack2-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.7.3.3...igow-en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab
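An added example, not part of the thread and not HijackThis code: a small parser for the O4 (autostart) lines of a HijackThis 1.99.1 log like the one above. It splits each entry into hive/key, value name, command and executable, and flags entries whose command is a bare file name such as `SysTray.Exe` or `Hidserv.exe` rather than a full path; for those, the file that actually runs depends on the search path, so they cannot be checked without locating the file on disk. The sample lines are copied from the log in this post; the function and class names are the example's own.

```python
r"""Pull the autostart (O4) entries out of a HijackThis 1.99.1 log.

Added example for this thread; it is not HijackThis code and not something the
analyst posted. The line shapes it understands are the ones visible in the log
above: "O4 - HKLM\..\Run: [Name] command", the RunServices variant, and
"O4 - Startup: file.lnk = command". Entries whose command is a bare file name
(no directory) are flagged, because Windows resolves those through its search
path and the entry cannot be verified without finding the file.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

_REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
_STARTUP_RE = re.compile(r"^O4 - Startup: (.*?) = (.*)$")
_EXE_EXT = (".exe", ".com", ".scr", ".bat", ".pif")


@dataclass
class AutostartEntry:
    source: str      # e.g. "HKLM\Run", "HKLM\RunServices", "Startup"
    name: str        # registry value name or .lnk file name
    command: str     # full command string as logged
    exe: str         # executable portion of the command
    bare_name: bool  # True if exe carries no directory component


def split_exe(command: str) -> str:
    """Return the executable part of a Run-key command.

    A quoted command yields the quoted part; an unquoted one is read token by
    token until a token ends in an executable extension, which copes with
    unquoted paths containing spaces (several entries in this log have them).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(_EXE_EXT):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one log line; returns None for anything that is not an O4 entry."""
    line = line.strip()
    m = _REG_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        source = f"{hive}\\{key}"
    else:
        m = _STARTUP_RE.match(line)
        if not m:
            return None
        name, command = m.groups()
        source = "Startup"
    exe = split_exe(command)
    return AutostartEntry(source, name, command, exe,
                          "\\" not in exe and "/" not in exe)


def parse_hjt_o4(log: str) -> List[AutostartEntry]:
    """All O4 entries of a log, in the order they appear."""
    return [e for e in (parse_o4(l) for l in log.splitlines()) if e]


def bare_name_entries(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries that name only a file, not a path: worth locating on disk."""
    return [e for e in entries if e.bare_name]


# Lines taken from the HijackThis log posted above (plus one non-O4 line to
# show that it is ignored).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
"""

if __name__ == "__main__":
    for e in parse_hjt_o4(SAMPLE_LOG):
        flag = "  <-- bare file name, locate on disk" if e.bare_name else ""
        print(f"{e.source:18} {e.name:18} {e.exe}{flag}")
```

Run it on a saved log with `parse_hjt_o4(open("hijackthis.log").read())`; the RunServices entries are the ones that start before anyone logs on, so those are the first to check when something keeps coming back.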
Old 09-06-2006, 01:27 AM   #6 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Please copy and paste the Kaspersky log here.
Old 09-07-2006, 06:44 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


OK, well, it's in HTML, but here it is :)...

HTML Code:
<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>

<style>
	.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
	.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
	TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
	<table width='100%' height='110' border='0'>
		<tr height='30' align='center' bgcolor='#005447'>
			<td colspan='2' height='30' class='pagetitle'>
				<b>KASPERSKY ONLINE SCANNER REPORT</b>
			</td>
		</tr>
		<tr height='70'>
			<td colspan='2' height='70'>
				Tuesday, September 05, 2006 10:02:54 PM<br>
				Operating System: Microsoft Windows 98 SE <br>
				Kaspersky Online Scanner version: 5.0.83.0<br>
				Kaspersky Anti-Virus database last update:  6/09/2006<br>
				Kaspersky Anti-Virus database records: 221093<br>
			</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
	</table>
	<table width='100%' height='145' border='0'>
		<tr height='20' bgcolor='#EFEBDE'>
			<td colspan='2' height='20'><b>Scan Settings</b></td>
		</tr>
		<tr height='15'>
			<td height='15' width='250'>Scan using the following antivirus database</td>
			<td>extended</td>
		</tr>
		<tr height='15'>
			<td height='15'>Scan Archives</td>
			<td>true</td>
		</tr>
		<tr height='15'>
			<td height='15'>Scan Mail Bases</td>
			<td>true</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
		<tr height='20' bgcolor='#EFEBDE'>
			<td height='20'><b>Scan Target</b></td>
			<td>My Computer</td>
		</tr>
		<tr height='20'>
			<td colspan='2' height='20'>
				a:\<br>
				c:\<br>
				m:\<br>
				n:\
			</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
		<tr height='20' bgcolor='#EFEBDE'>
			<td colspan='2' height='20'><b>Scan Statistics</b></td>
		</tr>
		<tr height='15'>
			<td height='15'>Total number of scanned objects</td>
			<td>37413</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of viruses found</td>
			<td>1</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of infected objects</td>
			<td>1 / 0</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of suspicious objects</td>
			<td>0</td>
		</tr>
		<tr height='15'>
			<td height='15'>Duration of the scan process</td>
			<td>00:52:03</td>
		</tr>
	</table>
	<br>
	<table width='100%' border='0'>
		<tr height='20' bgcolor='#EFEBDE'>
			<td height='20'><b>Infected Object Name</b></td>
			<td width='200'><b>Virus Name</b></td>
			<td width='100'><b>Last Action</b></td>
		</tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\TEMP\~DFF96B.TMP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\TEMP\~DFBE7.TMP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Cookies\index.dat			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\SCHEDLOG.TXT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\WIN386.SWP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\History\History.IE5\INDEX.DAT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Sti_Trace.log			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\NDNuninstall7_14.exe			</td>
			<td>Infected: not-a-virus:AdWare.Win32.NewDotNet.e			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.rept			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.reph			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.repi			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0000			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0001			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0100			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0101			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0200			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0201			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0300			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Quarantine\QMng.i0301			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.rept			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.reph			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.repi			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0000			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0001			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0100			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0101			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0200			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Reports\RptMng.i0201			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td colspan='3' height='20'><b>Scan process completed.</b></td>
		</tr>
	</table>
</body>
</html>
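An added example, not from the thread and not Kaspersky's own code: the online scanner on this machine only offered "Save as HTML", and the forum rejects that as an attachment, so here is a converter that flattens a Kaspersky Online Scanner 5.x report of the shape posted above into the plain text the analyst asked for, separating real detections from the "Object is locked / skipped" rows that are just open files. It uses only the standard library; the shortened sample report is constructed from the one above, and the function names are the example's own.

```python
"""Turn a Kaspersky Online Scanner 5.x HTML report into plain text.

Added example for this thread, not Kaspersky code. Assumes the layout seen in
the posted report: two-column tables for header/settings/statistics and a
three-column table headed "Infected Object Name / Virus Name / Last Action".
"""
from html.parser import HTMLParser
from typing import List, Optional, Tuple


class _TableRows(HTMLParser):
    """Collect every <tr> as a list of whitespace-normalised cell strings."""

    def __init__(self) -> None:
        super().__init__()
        self.rows: List[List[str]] = []
        self._row: Optional[List[str]] = None
        self._cell: Optional[List[str]] = None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None and self._row is not None:
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if any(self._row):            # drop the 1px separator rows
                self.rows.append(self._row)
            self._row = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


Finding = Tuple[str, str, str]   # (object, verdict, last action)


def report_to_text(html: str) -> Tuple[str, List[Finding]]:
    """Return (plain-text report, findings that are not merely locked files)."""
    parser = _TableRows()
    parser.feed(html)
    parser.close()
    lines: List[str] = []
    detections: List[Finding] = []
    in_findings = False
    for row in parser.rows:
        if row[0] == "Infected Object Name":
            in_findings = True
            lines.append("")
            lines.append("Object | Verdict | Action")
            continue
        if in_findings and len(row) == 3:
            obj, verdict, action = row
            lines.append(f"{obj} | {verdict} | {action}")
            if verdict != "Object is locked":
                detections.append((obj, verdict, action))
            continue
        lines.append(": ".join(c for c in row if c))
    return "\n".join(lines), detections


# Constructed, shortened copy of the report posted above (same row shapes).
SAMPLE_REPORT = r"""<html><body>
<table width='100%' border='0'>
 <tr><td colspan='2'><b>KASPERSKY ONLINE SCANNER REPORT</b></td></tr>
 <tr><td colspan='2'>Tuesday, September 05, 2006 10:02:54 PM<br>
   Operating System: Microsoft Windows 98 SE <br>
   Kaspersky Anti-Virus database records: 221093<br></td></tr>
</table>
<table width='100%' border='0'>
 <tr><td colspan='2'><b>Scan Statistics</b></td></tr>
 <tr><td>Total number of scanned objects</td><td>37413</td></tr>
 <tr><td>Number of viruses found</td><td>1</td></tr>
 <tr><td>Number of infected objects</td><td>1 / 0</td></tr>
</table>
<table width='100%' border='0'>
 <tr><td><b>Infected Object Name</b></td><td><b>Virus Name</b></td><td><b>Last Action</b></td></tr>
 <tr><td>c:\WINDOWS\WIN386.SWP   </td><td>Object is locked   </td><td>skipped   </td></tr>
 <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
 <tr><td>c:\WINDOWS\NDNuninstall7_14.exe   </td><td>Infected: not-a-virus:AdWare.Win32.NewDotNet.e   </td><td>skipped   </td></tr>
 <tr><td colspan='3'><b>Scan process completed.</b></td></tr>
</table>
</body></html>"""

if __name__ == "__main__":
    text, hits = report_to_text(SAMPLE_REPORT)
    print(text)
    print("\nReal detections:", hits)
```

Feed it the saved file with `report_to_text(open("report.html", encoding="utf-8").read())` and paste the first return value into the reply; the second is the short list that actually needs action, which for the report above is the single NewDotNet uninstaller.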
Old 09-08-2006, 10:13 AM   #8 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)



Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy

Quote:
C:\windows\NDNuninstall7_14.exe

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run KillBox, download and run missingfilesetup.exe. Then try KillBox again.


---------------------


Once rebooted, run the Kaspersky scan again and post the log it produces. Also post a new HJT log.

How is the computer performing now?
Old 09-10-2006, 02:27 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


I forgot to delete my temp files, but here is my Kaspersky scan and my new HJT log...

HTML Code:
<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>

<style>
	.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
	.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
	TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
	<table width='100%' height='110' border='0'>
		<tr height='30' align='center' bgcolor='#005447'>
			<td colspan='2' height='30' class='pagetitle'>
				<b>KASPERSKY ONLINE SCANNER REPORT</b>
			</td>
		</tr>
		<tr height='70'>
			<td colspan='2' height='70'>
				Saturday, September 09, 2006 10:31:04 PM<br>
				Operating System: Microsoft Windows 98 SE <br>
				Kaspersky Online Scanner version: 5.0.83.0<br>
				Kaspersky Anti-Virus database last update: 10/09/2006<br>
				Kaspersky Anti-Virus database records: 222100<br>
			</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
	</table>
	<table width='100%' height='145' border='0'>
		<tr height='20' bgcolor='#EFEBDE'>
			<td colspan='2' height='20'><b>Scan Settings</b></td>
		</tr>
		<tr height='15'>
			<td height='15' width='250'>Scan using the following antivirus database</td>
			<td>extended</td>
		</tr>
		<tr height='15'>
			<td height='15'>Scan Archives</td>
			<td>true</td>
		</tr>
		<tr height='15'>
			<td height='15'>Scan Mail Bases</td>
			<td>true</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
		<tr height='20' bgcolor='#EFEBDE'>
			<td height='20'><b>Scan Target</b></td>
			<td>My Computer</td>
		</tr>
		<tr height='20'>
			<td colspan='2' height='20'>
				a:\<br>
				c:\<br>
				d:\<br>
				m:\<br>
				n:\
			</td>
		</tr>
		<tr height='10'>
			<td colspan='2' height='10'>
			</td>
		</tr>
		<tr height='20' bgcolor='#EFEBDE'>
			<td colspan='2' height='20'><b>Scan Statistics</b></td>
		</tr>
		<tr height='15'>
			<td height='15'>Total number of scanned objects</td>
			<td>37797</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of viruses found</td>
			<td>0</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of infected objects</td>
			<td>0 / 0</td>
		</tr>
		<tr height='15'>
			<td height='15'>Number of suspicious objects</td>
			<td>0</td>
		</tr>
		<tr height='15'>
			<td height='15'>Duration of the scan process</td>
			<td>01:02:07</td>
		</tr>
	</table>
	<br>
	<table width='100%' border='0'>
		<tr height='20' bgcolor='#EFEBDE'>
			<td height='20'><b>Infected Object Name</b></td>
			<td width='200'><b>Virus Name</b></td>
			<td width='100'><b>Last Action</b></td>
		</tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\JAVA\javalog.txt			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\TEMP\~DF691D.TMP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\TEMP\~DF71DA.TMP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Cookies\index.dat			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\SCHEDLOG.TXT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\WIN386.SWP			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\History\History.IE5\INDEX.DAT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Sti_Trace.log			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\WINDOWS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\McAfee\SpamKiller\Data\Logs\Filtering.log			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\McAfee.com\Agent\Data\Logs\TaskScheduler\McTskshd001.log			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td height='20'>c:\Program Files\McAfee.com\VSO\OASLogs\OAS.log			</td>
			<td>Object is locked			</td>
			<td>skipped			</td>
		</tr>
		<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
		<tr height='20'>
			<td colspan='3' height='20'><b>Scan process completed.</b></td>
		</tr>
	</table>
</body>
</html>
-----------------
Logfile of HijackThis v1.99.1
Scan saved at 4:02:39 PM, on 9/10/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\AOLFIX.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\CY_BG.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\MPS\MSCIFAPP.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS 1.99.1\HIJACKTHIS 1.99.1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - C:\PROGRAM FILES\MCAFEE.COM\MPS\POPUPKILLER.DLL
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - C:\PROGRAM FILES\MCAFEE.COM\MPS\MCBRHLPR.DLL
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRAM FILES\SPYWARE TERMINATOR\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] C:\PROGRA~1\MCAFEE.COM\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [MSKServerExe] C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [AolFix] C:\windows\system\AolFix.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WALB Live Online.lnk = C:\Program Files\WALB Live Online\liveonline_2351304.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Download with TrueDownloader! - C:\PROGRAM FILES\TRUEDOWNLOADER\TrueDownloader.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.3.3...mino-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.7.3.3...ack2-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.7.3.3...igow-en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.7.3.3...stax-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.7.3.3...bage-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.7.3.3...ider-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.7.3.3...ride-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.3.3...cell-en_US.cab
Iahhel is offline  
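An added example, not code from this thread or from HijackThis: a small Python parser for the log format posted above. The six sample lines are copied from that log; the Entry field names and the regular expressions are my own. It pulls out the section code, CLSID and target of each item and flags entries HijackThis reported as "(no file)", which is a quick way to review a log like this one offline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample input: six lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.3.3...mino-en_US.cab
"""
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")  # "<code> - <body>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 bodies look like "<hive>\..\<key>: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

@dataclass
class Entry:
    code: str                      # HJT section code: R0, O2, O4, O9, ...
    body: str                      # everything after "<code> - "
    clsid: Optional[str] = None    # COM class id, when the line carries one
    key: Optional[str] = None      # Run / RunServices key for O4 items
    target: Optional[str] = None   # file, command line, URL or registry data
    missing_file: bool = False     # HJT reported "(no file)" for this item

# Turn raw HijackThis log text into Entry records; non-entry lines are skipped.
def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m.group("code"), m.group("body"))
        c = CLSID_RE.search(e.body)
        e.clsid = c.group(0) if c else None
        if e.code.startswith("R"):                  # registry value: "key,value = data"
            _, sep, data = e.body.partition(" = ")
            e.target = data.strip() if sep else None
        elif e.code == "O4":                        # autostart entry
            r = RUN_RE.match(e.body)
            if r:
                e.key, e.target = r.group("key"), r.group("cmd")
        elif e.code in ("O2", "O3", "O9", "O16"):   # last " - " field is the file or URL
            e.target = e.body.rsplit(" - ", 1)[-1]
            e.missing_file = e.target == "(no file)"
        entries.append(e)
    return entries

# Registered items whose backing file HJT could not find: dangling entries to review.
def missing_targets(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.missing_file]
```

On the sample above the only dangling item is the unnamed O9 button with no file behind it; every O4 item resolves to a command line under its Run or RunServices key.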
Old 09-10-2006, 04:38 PM   #10 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Well done. Your system is clean!

You may now re-enable any antispyware protection that you have.
  • Open My Computer.
  • Select the View option.
  • Select the Folder Options option.
  • Select the View tab option.
  • In the Advanced settings box, under the Hidden files folder:
  • Select the Do not show hidden or system files option.
  • Also select Hide file extensions for known file types.
  • Click Apply to confirm.
  • Click OK.


--------------------------


This is a good time to set up protection against further attacks. Read TonyKlein's How Did I Get Infected In The First Place? You need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real-time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. All of the above have good free versions available. However, be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.

More information and downloads are available at the following links:

Spyware Blaster
Spyware Guard
IE-Spyad

---------------------------

Please let me know if you are happy for me to treat your topic as resolved.
__________________
Hustler24 is offline  
Old 09-12-2006, 12:11 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 22
OS: 2000


Thumbs Up

Thank you Hustler24! Sorry it took so long for me to reply :)
Iahhel is offline  
Copyright 2001 - 2009, Tech Support Forum