|
19-Jun-2007, 08:18 PM
#1 |
| Solved: Please Check My Hjt Log

It's been a while since I asked for help on this computer, but it's starting to give me problems again with warnings, freezing, etc. Can you see if anything is out of the ordinary?? Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 7:12:33 PM, on 6/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\All Users\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\default\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\vbivgwhf.dll",realset
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\default\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/d...h.1.0.0.80.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe |
| |
|
19-Jun-2007, 08:54 PM
#2 |
| If you have vundofix, remove it and get the current version.

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes.

====================

Download Superantispyware (SAS)
http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others unchecked.
  o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log. |
|
30-Jun-2007, 05:38 PM
#3 |
| I will be doing the Superantispyware next, then the hj log, but here is the first thing you asked for.

VundoFix V6.5.4
Checking Java version...
Sun Java not detected
Scan started at 4:20:15 PM 6/30/2007

Listing files found while scanning....
C:\windows\system32\mljhefd.dll
C:\WINDOWS\system32\mnnpo.bak1
C:\WINDOWS\system32\mnnpo.bak2
C:\WINDOWS\system32\mnnpo.ini
C:\WINDOWS\system32\opnnm.dll
C:\WINDOWS\system32\roiduaif.dll
C:\WINDOWS\system32\sffmmels.dll
C:\windows\system32\slemmffs.ini
C:\WINDOWS\system32\tuvsrrr.dll

Beginning removal...
Attempting to delete C:\windows\system32\mljhefd.dll
C:\windows\system32\mljhefd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnpo.bak1
C:\WINDOWS\system32\mnnpo.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnpo.bak2
C:\WINDOWS\system32\mnnpo.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mnnpo.ini
C:\WINDOWS\system32\mnnpo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnm.dll
C:\WINDOWS\system32\opnnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sffmmels.dll
C:\WINDOWS\system32\sffmmels.dll Has been deleted!
Attempting to delete C:\windows\system32\slemmffs.ini
C:\windows\system32\slemmffs.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvsrrr.dll
C:\WINDOWS\system32\tuvsrrr.dll Could not be deleted.

Performing Repairs to the registry.
Done! |
|
30-Jun-2007, 07:52 PM
#4 |
| Here is my superantispyware log. I will post hjt log next:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2007 at 06:32 PM

Application Version : 3.9.1008
Core Rules Database Version : 3263
Trace Rules Database Version: 1274

Scan type : Complete Scan
Total Scan Time : 01:40:10

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 3952
Registry threats detected : 12
File items scanned : 56244
File threats detected : 398

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}

Adware.Tracking Cookie |
|
30-Jun-2007, 07:54 PM
#5 |
| Here is the rest of it. I had to post it in 2 fields as it was too long to do it in one post: |
|
30-Jun-2007, 07:55 PM
#6 |
| Here is the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:42 PM, on 6/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\All Users\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7F24611A-5F2E-4DFD-AAB7-4103023707C7} - C:\WINDOWS\system32\opnnm.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\default\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\default\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1182295637148
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/d...h.1.0.0.80.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe |
|
30-Jun-2007, 08:33 PM
#7 |
| You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {7F24611A-5F2E-4DFD-AAB7-4103023707C7} - C:\WINDOWS\system32\opnnm.dll (file missing)
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\default\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\default\Local Settings\Temp\TICHD003.exe
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

Download Killbox from one of these links
http://www.downloads.subratam.org/KillBox.zip
or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen)

Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Documents and Settings\default\Local Settings\Temp\TICHD003.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal

Empty the recycle bin

Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system |
|
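The four entries picked out for fixing in the post above share traits that can be checked mechanically. The following is an added example, not part of the thread and not the helper's stated reasoning: the three rules are assumptions inferred from those four entries, the names `split_entries` and `triage` are hypothetical, and the sample entries are copied from the 6/30/2007 log. It also re-splits a log whose line breaks were lost when it was pasted.

```python
import re
from typing import List, NamedTuple

# Constructed sample: eight entries copied from the 6/30/2007 log in this
# thread, one per line as HijackThis writes them.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7F24611A-5F2E-4DFD-AAB7-4103023707C7} - C:\WINDOWS\system32\opnnm.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\default\LOCALS~1\Temp\TICHD003.exe CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\default\Local Settings\Temp\TICHD003.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # which heuristic matched
    entry: str   # the full log entry


# An entry starts with a section code (R0, O4, O16, ...) followed by " - ".
# Splitting on the whitespace in front of that pattern works for a normal
# log and for one flattened onto a single line.
ENTRY_START = re.compile(r"\s+(?=[RFNO]\d{1,2} - )")
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
ODD_SCHEME = re.compile(r" - (?:ms-its|mhtml|file):", re.IGNORECASE)


def split_entries(log_text: str) -> List[str]:
    """Return the log's chunks, one per entry, even if line breaks were lost."""
    return [part.strip() for part in ENTRY_START.split(log_text) if part.strip()]


def triage(log_text: str) -> List[Finding]:
    """Flag entries for manual review. Heuristics only (assumed, see lead-in)."""
    findings = []
    for entry in split_entries(log_text):
        match = ENTRY.match(entry)
        if not match:
            continue  # header, process list or other non-entry text
        code, body = match.groups()
        if code == "O2" and "(no name)" in body and body.endswith("(file missing)"):
            # Browser Helper Object still registered although its DLL is gone.
            findings.append(Finding(code, "unnamed BHO whose DLL is missing", entry))
        elif code == "O4" and TEMP_DIR.search(body):
            # Autostart entries normally point at installed programs, not Temp.
            findings.append(Finding(code, "autostart target in a Temp directory", entry))
        elif code == "O16" and ODD_SCHEME.search(body):
            # ActiveX download source that is not a plain http(s) URL.
            findings.append(Finding(code, "ActiveX codebase is not an http(s) URL", entry))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code}: {finding.reason}\n    {finding.entry}")
```

A match is a prompt for a human look at the entry, not a verdict; legitimate installers also run from Temp for short periods.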
01-Jul-2007, 05:22 PM
#8 |
| Here is the hjt log again. I downloaded killbox, but noticed it was zipped or unzipped or something. When I double click on it, it says open with and gives lots of choices. Now, I can follow directions pretty good, but I'm dumb when it comes to stuff like this. Where do I download an unzipper, or should I have one already on my computer?

Logfile of HijackThis v1.99.1
Scan saved at 4:18:15 PM, on 7/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\All Users\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1182295637148
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/d...h.1.0.0.80.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe |
|
01-Jul-2007, 08:36 PM
#10 |
| good lots quicker. That first one I downloaded got rid of lots. That spywareplus or whatever it's called. It got rid of tons of adaware, cookies spyware, but also lots of trojans. I also downloaded that program on my laptop and ran it, but it only got rid of and found adaware/malware or whatever you call it, no trojans, so I guess it's ok then. Thanks, and I guess I can mark this solved until it gets all junked up again. LOL That program I have never really heard of. I have only used adaware, and run that about 2 or 3 times a week. Anything else you suggest to keep it clean?? |
|
02-Jul-2007, 04:07 PM
#11 |
| SAS is excellent Clean

If you feel it is fixed mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on – here’s how
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

This clears infected restore points and sets a new, clean one. |
|
01-Aug-2007, 04:34 PM
#12 |
| Good thing I didn't check fixed on this log. I also will be including my log. What I have now is a popup box that says file or directory c is corrupt and unreadable, please run chkdsk utility. Then on the bottom it says ybrowser.exe-corrupt file or yahoom~1.exe-corrupt file. Here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 3:29:00 PM, on 8/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\All Users\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1182295637148
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/d...h.1.0.0.80.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
THANK YOU!!!!!!!!!!!!!!!!!!!!! |
|
03-Aug-2007, 05:49 PM
#13 |
| Please Help Me!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |

Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

