Discussion Starter #1
Hey guys,

I have some kind of spyware on my PC that is driving me crazy. Every time I open IE a pop-under window shows up. They sure aren't pop-ups because I have a pop-up blocker installed. Tried Spybot and Ad-Aware but nothing helped. With the help of HijackThis I got rid of some strange processes and files but apparently that wasn't it.

These are the pop-unders:

The first is titled AdultFriend finder, but the window is always empty;
The second shows some thumbnails of screensavers and says paid Popup
And sometimes I get an "Is your computer running slow?" message. Of course it's running slow - due to these nasty pop-unders. :cry:

Please help me

Sara

----------------

Logfile of HijackThis v1.99.1
Scan saved at 13:31:06, on 30.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtwAdvCfg.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Memory Optimizer\mopt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\emule\emule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\kfcobyps.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100966148754
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77A21BC8-EF05-4081-93BF-928AE8908A25} (UMediaPlayer Class) - http://streaming.gamamm.si/predvajalnik.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA4B0DC-E174-4062-9505-C678FFFD5439}: NameServer = 193.2.1.66,193.2.1.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1DF7230-AC5E-4556-8B7A-0ECEB104F026}: NameServer = 193.2.1.66,193.2.1.72
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Hi stusar and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
 

Thanks for your patience

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Download CWShredder and click on Fix (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation. I’ll leave the decision to you.

Download Accelerator (DAP) is not technically malware, but it may include malware and allow it into your system. I have made recommendations below for removal; if you do not wish to remove it, ignore all entries with a red asterisk (*).

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).
*C:\PROGRA~1\DAP\DAP.EXE

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
*Download Accelerator

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
*O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
*O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
*O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\kfcobyps.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
*O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
*C:\Program Files\DAP
C:\WINDOWS\System32\NDrv.dll
C:\WINDOWS\System32\kfcobyps.exe
E6F1873B.DLL<<<Do a search and delete this file
D9EBC318C.dll<<<Do a search and delete this file
D0CE0C16B1.dll<<<Do a search and delete this file

Reboot your system in Normal Mode.

Please run a Scan at Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available
At the end of this scan you will be given the option to save a log from the scan - SAVE THAT LOG - and post it here.

Please post a fresh Hijack This log and Panda log so that we can check if your system is clean.
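The entries checked above were picked out by eye: a Run value named "Windows Update" that launches a random-looking executable in System32, two rundll32 values that load DLLs by bare hex-looking names, and a BHO and toolbar whose files no longer exist. As an added example (my own script, not part of this thread or of HijackThis), the following Python turns those observations into repeatable heuristics and runs them over lines copied from the first log in this thread. The thresholds (hex-looking or vowel-poor names of 8+ letters in the Windows directory, rundll32 with a bare DLL argument, a Run entry calling itself "Windows Update", which is assumed here to be impersonation since Windows does not register itself under that Run-key name) are my assumptions, so treat the output as a list of things to look at, not a verdict.

```python
"""Triage heuristics for a HijackThis 1.99 log (added example, not from the thread).

Flags the kinds of entries the analyst marked for removal above:
  * O4 Run values whose executable sits in the Windows directory (or is a bare
    name resolved from it) and has a random-looking name, e.g. kfcobyps.exe
  * O4 Run values that call rundll32 with a bare, random-looking DLL name
  * O4 Run values named "Windows Update" (assumption: Windows never registers
    itself under that Run-key name, so the name is impersonation)
  * O2 BHO / O3 toolbar entries whose file is gone ("(file missing)", "(no file)")
The thresholds below are my own heuristics, not part of HijackThis.
"""
import re

RE_O4 = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
RE_O2O3 = re.compile(r'^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - '
                     r'\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$')
RE_HEX = re.compile(r'[0-9A-Fa-f]{8,}')
WINDOWS_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\')

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\kfcobyps.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""


def split_cmd(cmd):
    """Split a Run value into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(' ')
    return exe, args.strip()


def stem_of(path):
    """File name with directory and extension stripped (kfcobyps.exe -> kfcobyps)."""
    name = path.rsplit('\\', 1)[-1]
    return name.rsplit('.', 1)[0]


def random_looking(stem):
    """True for hex blobs (E6F1873B, D0CE0C16B1) and vowel-poor names (kfcobyps).

    Legitimate names such as NeroCheck or SOUNDMAN keep a normal vowel ratio,
    so they pass. Names shorter than 8 letters are never flagged (too noisy).
    """
    if RE_HEX.fullmatch(stem):
        return True
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in 'aeiou' for c in letters) / len(letters) < 0.2


def in_windows_dir(exe):
    """Bare names resolve from the Windows directory; otherwise check the prefix."""
    p = exe.lower()
    return '\\' not in p or p.startswith(WINDOWS_DIRS)


def triage(lines):
    """Return (section, reason, line) for each entry worth a second look."""
    findings = []
    for line in (l.strip() for l in lines):
        m = RE_O4.match(line)
        if m:
            exe, args = split_cmd(m['cmd'])
            if stem_of(exe).lower() == 'rundll32':
                # rundll32.exe <dll>,<entrypoint>: a bare random DLL name is the tell
                dll = args.split(',', 1)[0].strip().strip('"')
                if '\\' not in dll and random_looking(stem_of(dll)):
                    findings.append(('O4', 'rundll32 loads random-named DLL ' + dll, line))
            elif in_windows_dir(exe) and random_looking(stem_of(exe)):
                findings.append(('O4', 'random-named executable in Windows dir: ' + exe, line))
            if m['name'].strip().lower() == 'windows update':
                findings.append(('O4', 'Run entry named "Windows Update" (impersonation)', line))
            continue
        m = RE_O2O3.match(line)
        if m and m['path'].endswith(('(file missing)', '(no file)')):
            findings.append(('O' + m['sec'], 'orphaned entry, file absent: ' + m['name'], line))
    return findings


if __name__ == '__main__':
    for section, reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f'{section}: {reason}\n    {line}')
```

Run against the sample it reports six findings: the Curl BHO and the unnamed toolbar as orphans, kfcobyps.exe twice (random name and the "Windows Update" label), and both rundll32 lines. NeroCheck.exe, SOUNDMAN.EXE and the Program Files entries pass, which is the point of the vowel-ratio and path checks: the heuristics are meant to narrow a log down to what a human should look at, not to replace the look.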
 

Discussion Starter #4
Re

First I want to thank you Vikesrock8411 for taking your time in order to help me.

I did everything you instructed me to do (except DAP) and this is the result:

- CWShredder didn't find anything
- Deleted all entries with HijackThis (except DAP)
- deleted E6F1873B.dll, D0CE0C16B1.dll others didn't exist

-------------

Logfile of HijackThis v1.99.1
Scan saved at 12:26:43, on 1.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtwAdvCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100966148754
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77A21BC8-EF05-4081-93BF-928AE8908A25} (UMediaPlayer Class) - http://streaming.gamamm.si/predvajalnik.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA4B0DC-E174-4062-9505-C678FFFD5439}: NameServer = 193.2.1.66,193.2.1.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1DF7230-AC5E-4556-8B7A-0ECEB104F026}: NameServer = 193.2.1.66,193.2.1.72
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-----------------
and Panda Log



Incident                      Status          Location
Adware:adware/browseraid      No disinfected  C:\WINDOWS\SYSTEM32\inetp60.dll
Adware:adware/powersearch     No disinfected  C:\WINDOWS\SYSTEM32\stlb2.xml
Spyware:spyware/new.net       No disinfected  C:\WINDOWS\NDNuninstall4_85.exe
Spyware:spyware/adclicker     No disinfected  C:\WINDOWS\usta32.ini
Adware:adware/ilookup         No disinfected  C:\WINDOWS\iLookup
Adware:adware/mediatickets    No disinfected  Windows Registry
Adware:Adware/TopRebates      No disinfected  C:\WINDOWS\iNetPal\ezTSetup.exe
Spyware:Spyware/New.net       No disinfected  C:\WINDOWS\NDNuninstall4_85.exe
Spyware:Spyware/New.net       No disinfected  C:\WINDOWS\NDNuninstall6_22.exe
Spyware:Spyware/New.net       No disinfected  C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/BrowserAid      No disinfected  C:\WINDOWS\system32\inetp60.dll
Adware:Adware/InstaFinder     No disinfected  C:\WINDOWS\system32\InstaFinder_inst245.exe



------------

If it isn't too much, would you be so kind as to tell me what I have and had on my PC and how I got it.

I'm aware of P2P threats, so that's why I'm being very careful about what I download.

I also have Norton Internet Security running all the time and Norton AntiVirus scheduled to perform a scan every week. But I assume you already knew that :smile:

So what more can I do?


Thank you so much

Sara
 

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Download Hoster and run it. Choose the 'Restore Original Hosts' button and press OK.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\SYSTEM32\inetp60.dll
C:\WINDOWS\SYSTEM32\stlb2.xml
C:\WINDOWS\NDNuninstall4_85.exe
C:\WINDOWS\usta32.ini
C:\WINDOWS\iLookup
C:\WINDOWS\iNetPal
C:\WINDOWS\NDNuninstall4_85.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\inetp60.dll
C:\WINDOWS\system32\InstaFinder_inst245.exe

Reboot your system in Normal Mode.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

The main files that were infecting your PC were part of an adware package called BrowserAid. Depending on the variant this installs through "drive-by" ActiveX downloads or through emails claiming to be a Windows Update. The file causing the Adult Friend Finder popups was most likely kfcobyps.exe, which is related to the Norio Trojan: http://securityresponse.symantec.com/avcenter/venc/data/trojan.norio.html. I could not find any specific info about how this Trojan may have gotten onto your computer. Once we get your computer completely clean I will make some recommendations that should help prevent future infections.
 

Discussion Starter #6
Re

Hey!

My report:
Ran Hoster and did the restore
Then I deleted all the files - they were all there.

I noticed an additional 6 files in windows/system32 that seemed suspicious. You asked me to delete inetp60.dll. In the same directory there are also:

- inetclp.clp
- inetclpc.dll
- inetmib1.dll
- inetpp.dll
- inetppui.dll
- inetres.dll

Should I delete them too or are they legitimate files?

Trend Micro found quite some stuff

--------------
Started Scanning
Internet Cookies
Found 'targetnet.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'statcounter.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Programs in Memory
Found 'DAP.exe' in 'C:\Program Files\DAP'
Windows Registry
Found '' in 'SOFTWARE\iMesh'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\SpeedBit\Download Accelerator\IEBar'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus Beta'
Found '' in 'Software\SpeedBit\Download Accelerator'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS\Default'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\Always'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenFound'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\InProcServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\ProgID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CurVer'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\HELPDIR'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'Software\iMesh'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}'
Found '' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}'
Found '' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI'
Found '' in 'SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI.1'
Found '' in 'SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI.1\CLSID'
Found '' in 'SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI\CLSID'
Found '' in 'SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI\CurVer'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar.1'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar.1\CLSID'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar\CLSID'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar\CurVer'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Download Accelerator'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\Instance\InitPropertyBag'
Found '' in 'SOFTWARE\Classes\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}'
Found '' in 'SOFTWARE\Classes\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}'
Found '' in 'SOFTWARE\Classes\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}\TypeLib'
Found '' in 'SOFTWARE\Classes\AppID\{5CA2095F-E932-48BF-88E1-603094E9331F}'
Found '' in 'SOFTWARE\Classes\AppID\Wallpaper.DLL'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN Publishing'
Found '' in 'SOFTWARE\Classes\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B}'
Found '' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}\1.0\HELPDIR'
Found 'AppID' in 'SOFTWARE\Classes\AppID\Wallpaper.DLL'
Found 'AppID' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found '' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}'
Found '' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\VersionIndependentProgID'
Found 'AppID' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{354382db-df55-4da9-85a3-41696a0f510f}\InprocServer32'
Found 'AppID' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32'
Found '' in 'SOFTWARE\Classes\Contact.Contacts'
Found '' in 'SOFTWARE\Classes\Contact.Contacts.1'
Found '' in 'SOFTWARE\Classes\Contact.Contacts.1\CLSID'
Found '' in 'SOFTWARE\Classes\Contact.Contacts\CLSID'
Found '' in 'SOFTWARE\Classes\Contact.Contacts\CurVer'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4}\1.0\HELPDIR'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'ScanFolder' in 'Software\Kazaa\Advanced'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\Search'
Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'AutoConnected' in 'Software\Kazaa\UserDetails'
Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter'
Found 'SkinsDir' in 'Software\Kazaa\Skins'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\saap'
Found '' in 'SOFTWARE\saap'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate'
Found '' in 'Software\Dynamic Toolbar'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}'
Found '{B195B3B3-8A05-11D3-97A4-0004ACA6948E}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found '' in 'SOFTWARE\MySearch\bar'
Found 'CacheDir' in 'SOFTWARE\MySearch\bar'
Found 'HistoryDir' in 'SOFTWARE\MySearch\bar'
Found 'Id' in 'SOFTWARE\MySearch\bar'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Found 'np.tmp' in 'C:\Documents and Settings\Sara\Application Data\Kazaa Lite\db'
Found 'cabex.dll' in 'C:\Program Files\DAP'
Found 'DAP.exe' in 'C:\Program Files\DAP'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

------------

and the second log

Started Scanning
Internet Cookies
Found 'statcounter.com' in 'Internet Explorer Cache'
Programs in Memory
Found 'DAP.exe' in 'C:\Program Files\DAP'
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\SpeedBit\Download Accelerator\IEBar'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus Beta'
Found '' in 'Software\SpeedBit\Download Accelerator'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS\Default'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\Always'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenFound'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\InProcServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\ProgID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CurVer'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7892BA33-7984-43A5-A8F5-27ED0AFE6143}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{79516451-3E3E-453A-8968-37942F7979F3}\1.0\HELPDIR'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'ScanFolder' in 'Software\Kazaa\Advanced'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\Search'
Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'AutoConnected' in 'Software\Kazaa\UserDetails'
Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter'
Found 'SkinsDir' in 'Software\Kazaa\Skins'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Internet URL Shortcuts
Files and Directories
Found 'np.tmp' in 'C:\Documents and Settings\Sara\Application Data\Kazaa Lite\db'
Found 'cabex.dll' in 'C:\Program Files\DAP'
Found 'DAP.exe' in 'C:\Program Files\DAP'
Finished Scanning

----------

I cleaned all the things except DAP and Kazaa, because I was afraid they would stop working if I did that. Would they?

Is my PC clean now? And please, do recommend what I'm supposed to do in the future to avoid this kind of trouble.

And one additional question: my roommate's Norton Antivirus has expired. Which free software do you recommend for her? Antivirus / antispyware that will protect her PC whenever she's on the net. We have cable internet here, so it is quite dangerous to be without protection, I guess.

Thanks a lot

Sara
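
As an added example, not part of this thread and not any scanner's own code, here is a small Python triage script for logs in the `Found '<value>' in '<location>'` format posted above: it groups hits by scan section and by owning product, and separately lists hits in the registry locations that Internet Explorer and Windows load code from automatically, which is where a pop-up/pop-under problem is normally rooted. The sample lines are copied from the posted logs; the grouping rules and the list of load points are my own assumptions.

```python
import re
from collections import Counter

# Sample lines copied from the scan logs posted above: a bare section header,
# then "Found '<value>' in '<location>'" entries until the next header.
SAMPLE_LOG = r"""Started Scanning
Internet Cookies
Found 'statcounter.com' in 'Internet Explorer Cache'
Windows Registry
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}'
Found '' in 'SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32'
Found '' in 'SOFTWARE\Classes\Hotbar.HbTravelCompareBar'
Found '{B195B3B3-8A05-11D3-97A4-0004ACA6948E}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found '' in 'Software\SpeedBit\Download Accelerator\IEBar'
Files and Directories
Found 'cabex.dll' in 'C:\Program Files\DAP'
Finished Scanning
"""

FOUND_RE = re.compile(r"^Found '(?P<value>[^']*)' in '(?P<location>[^']*)'$")

# Places Internet Explorer / Windows load code from automatically (my own list,
# not the scanner's); adware that spawns pop-unders needs a foothold like these.
LOAD_POINTS = re.compile(
    r"\\Internet Explorer\\(Explorer Bars|Toolbar|Extensions)(\\|$)"
    r"|\\Explorer\\Browser Helper Objects(\\|$)|\\CurrentVersion\\Run(Once)?(\\|$)",
    re.IGNORECASE,
)

def parse_scan_log(text):
    """Return (section, value, location) tuples; bare lines set the section."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = FOUND_RE.match(line)
        if m:
            findings.append((section, m["value"], m["location"]))
        elif line and not line.startswith(("Started ", "Finished ")):
            section = line
    return findings

def owner_of(location):
    """Owner of a hit: vendor key under Software, ProgID vendor prefix, or folder name."""
    parts = location.split("\\")
    if parts[0].lower() != "software" or len(parts) < 3:
        return parts[-1]
    if parts[1].lower() == "classes":
        # Bare CLSID/Interface/TypeLib keys carry no vendor name.
        return parts[2].split(".")[0] if "." in parts[2] else "COM registration"
    return parts[1]

def triage(text):
    """Summarise a log: hits per section, hits per owner, and load-point hits."""
    findings = parse_scan_log(text)
    return {
        "by_section": Counter(sec for sec, _, _ in findings),
        "by_owner": Counter(owner_of(loc) for _, _, loc in findings),
        "load_points": [loc for _, _, loc in findings if LOAD_POINTS.search(loc)],
    }
```

Running `triage(SAMPLE_LOG)` on the sample above reports two load-point hits (the Explorer Bar and the Toolbar\WebBrowser entry); the Kazaa and SpeedBit keys are plain vendor configuration and are grouped, not flagged.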
Those files you mentioned are all legitimate Windows files despite their similarity in name to the BrowserAid file I had you delete.
Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, I would ask that you please read through my suggestions for preventing future infections.

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.
To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Reboot your system.

To turn on System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

Make sure to get the latest updates for Windows and Internet Explorer at the Microsoft Update site.

A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition
AntiVir (http://www.free-av.com)

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:

Zone Alarm
Kerio
Sygate

Adaware SE and Spybot S&D are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other, therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

SpywareBlaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources: run it once and you're all set. SpywareGuard is a real-time protection engine that guards your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone, so feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.