ads345.com

Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
14-Aug-2008, 07:25 PM #1
ads345.com
I have a problem with Internet Explorer. No matter what website I try to go to, it takes me to ads345.com.... I can't get anywhere on the internet... It will let me see my Comcast home page, but as soon as I try to go anywhere else it takes me back to ads345.com... I had someone tell me to reinstall Internet Explorer.. I installed Internet Explorer 7 and it did the same thing....


Here is that log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:06 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\documents and settings\michele johnson\local settings\temp\UhW.exe
C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
C:\windows\system32\jzuz.exe
C:\windows\system32\DsHQa7.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\jzuz.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Middadle\Clicks10017.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [033S35h] wupcp.exe
O4 - HKLM\..\Run: [L0PRcNU0j] C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
O4 - HKLM\..\Run: [LsbotYoKd] C:\documents and settings\michele johnson\local settings\temp\LsbotYoKd.exe
O4 - HKLM\..\Run: [jzuz.exe] c:\windows\system32\jzuz.exe
O4 - HKLM\..\Run: [DsHQa7] C:\windows\system32\DsHQa7.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
O4 - HKCU\..\Run: [Eqg] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/280281d1...p/RdxIE601.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://files.stamps.com/download/us/...ile=stamps.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13122 bytes


Please help
chelejohnson1
eddie5659
Moderator & Malware Removal Specialist with 28,115 posts.
 
Join Date: Mar 2001
Location: Bradford, England
18-Aug-2008, 04:57 PM #2
Hiya and welcome to TSG

Are you still having this problem? If so, can we see a fresh HijackThis log, please?

Regards

eddie
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
18-Aug-2008, 05:59 PM #3
Here is the new one you requested.

Thanks
Michele

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:10 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\documents and settings\michele johnson\local settings\temp\UhW.exe
C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
C:\windows\system32\DsHQa7.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [033S35h] wupcp.exe
O4 - HKLM\..\Run: [L0PRcNU0j] C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
O4 - HKLM\..\Run: [DsHQa7] C:\windows\system32\DsHQa7.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11797 bytes
eddie5659
Moderator & Malware Removal Specialist with 28,115 posts.
 
Join Date: Mar 2001
Location: Bradford, England
19-Aug-2008, 01:42 PM #4
Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

This will likely take a few steps to remove the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then in your next reply, post the contents of the MBAM and SAS logs, and a fresh HijackThis log.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
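Successive HijackThis logs, such as the two posted earlier in this thread, can be compared entry by entry to see which autoruns, BHOs and downloads changed between scans. The Python below is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample lines are excerpted from the two logs above.

```python
import re

# Entry lines start with a section code (R0, O2, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(\S+Run\S*): \[(.*?)\] (.+)$")
# O2/O3/O9/O16/O18 entries carry a CLSID in braces.
CLSID_RE = re.compile(r"^(.*?)(\{[0-9A-Fa-f-]{36}\})(.*)$")

# Excerpt of the 8/14/2008 log posted in this thread.
FIRST_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:06 PM, on 8/14/2008
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Middadle\Clicks10017.dll
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [jzuz.exe] c:\windows\system32\jzuz.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
"""

# Excerpt of the 8/18/2008 log posted in this thread.
SECOND_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:10 PM, on 8/18/2008
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
"""


def split_entry(section, body):
    """Split one entry body into (stable identity, current value)."""
    m = RUN_RE.match(body)
    if m:  # identity = hive + value name, value = command line
        return (section, m.group(1), m.group(2)), m.group(3)
    m = CLSID_RE.match(body)
    if m:  # identity = entry kind + CLSID, value = file or URL after it
        kind = m.group(1).split(":")[0].strip()
        return (section, kind, m.group(2).upper()), m.group(3).strip(" -")
    if " = " in body:  # R0/R1 registry values and O4 Startup shortcuts
        name, value = body.split(" = ", 1)
        return (section, name), value
    return (section, body), ""  # e.g. O8, O23: the whole line is the identity


def parse_entries(log_text):
    """Return {identity: value} for every entry line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, footer
        key, value = split_entry(m.group(1), m.group(2))
        entries[key] = value
    return entries


def diff_logs(old_text, new_text):
    """Report entries added, removed, or re-pointed between two logs."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        # Windows paths are case-insensitive, so compare case-folded values.
        "changed": sorted(
            (k, old[k], new[k])
            for k in old
            if k in new and old[k].casefold() != new[k].casefold()
        ),
    }


if __name__ == "__main__":
    result = diff_logs(FIRST_LOG, SECOND_LOG)
    for kind in ("added", "removed", "changed"):
        print(kind.upper())
        for item in result[kind]:
            print("  ", item)
```

On this excerpt the diff reports three removed entries and one changed entry: the "Search Help" BHO keeps its CLSID but now loads a different DLL from the user's Temp folder.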
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
19-Aug-2008, 10:19 PM #5
follow up
Both would not fit at the same time:/

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2
8:33:24 PM 8/19/2008
mbam-log-08-19-2008 (20-33-24).txt
Scan type: Quick Scan
Objects scanned: 57344
Time elapsed: 9 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 74
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 74
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8eaeb34-f7b5-4c55-87ff-720faf53d841} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapenvelope.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmessage.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asaprecipients.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{adb01e80-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea2-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerconfig.application.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{00a6faf0-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWe bSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.Out lookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.Outloo kAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearc h email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michele Johnson\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Cache\00010838 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00594D82.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00594E7C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00594F38.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0078B9A3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\05504DAB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A4484D1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A448619.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A4486D5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A448790.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A44883C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A4488E8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0A448994.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872910.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872A87.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872B42.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872BEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872CAA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872D65.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872E11.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\10872EDC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\~ (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache\00024C61 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache\00024FEB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\1082FEE6.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00021C29.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0D0FF393.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0D106D08.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0D10C4CD.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\1080C6D8.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\1082FC94.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\108309D3.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\108A7126.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\2084B146.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\208634F8.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michele Johnson\Application Data\SpamBlocker\{F30FB4C7-F5E6-4A47-B5FD-725183D965FB}.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3pssavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michele Johnson\Local Settings\Temp\!update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Chelejohnson1
19-Aug-2008, 10:20 PM #6
follow up 2
And:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/19/2008 at 08:54 PM
Application Version : 4.15.1000
Core Rules Database Version : 3541
Trace Rules Database Version: 1530
Scan type : Quick Scan
Total Scan Time : 00:08:51
Memory items scanned : 458
Memory threats detected : 4
Registry items scanned : 443
Registry threats detected : 37
File items scanned : 6755
File threats detected : 122

If it is any sign, I am using my once infected computer to send this message. How does everything look?

Michele Johnson
eddie5659
Moderator & Malware Removal Specialist with 28,115 posts.
 
Join Date: Mar 2001
Location: Bradford, England
20-Aug-2008, 03:10 AM #7
Can you post a fresh Hijack Log, as we may have more to remove?
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
21-Aug-2008, 12:12 AM #8
Here is the log. I am able to go online but it will not let me log in to most of the sites I have tried. My AOL email account is the main one. It tells me the service is not available to try later. But I use my cell phone and can access it. Other sites did the same thing. Myspace showed I was logged on but I could not go to my home page. There are several other sites also.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:07 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Avenger\MWSOEMON.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [033S35h] wupcp.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10673 bytes


It's a little better but something's still not right. I did upgrade to Internet Explorer 7 before you started helping me. That is what someone suggested. Did I make a mistake with that?

Thanks so much.
Michele Johnson
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
21-Aug-2008, 12:33 AM #9
I feel stupid


I had changed the privacy level on Internet Explorer when I was working the other day. The password thing is solved. I feel stupid.

Michele Johnson

How does everything else look?
eddie5659
Moderator & Malware Removal Specialist with 28,115 posts.
 
Join Date: Mar 2001
Location: Bradford, England
21-Aug-2008, 04:40 PM #10
Okay, you still have some bad infections. As you have lowered your settings for passwords, I would be careful for the following reason:

Quote:
One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\winlogon.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


Logs required : OTMoveit and Combofix
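An added example, not part of the thread: Windows keeps the genuine logon process image at C:\WINDOWS\system32\winlogon.exe, so a Run-key entry that starts a winlogon.exe from C:\WINDOWS is a file borrowing a system process name. The Python sketch below applies that check, plus a check for autoruns launched from a Temp directory, to O4 lines copied from the HijackThis log in post #8; the function names, the EXPECTED_DIR table and the two heuristics are assumptions of this example, and a hit means "review this entry", not a verdict.

```python
import ntpath
import re

# Expected directory (lower-case) of core Windows XP process images, assuming
# Windows is installed in C:\WINDOWS as in the log above. Illustrative list
# chosen for this example, not a complete baseline.
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis registry autorun line: O4 - <hive>\..\<Run key>: [value name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def image_path(cmd):
    """Return the executable path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_END.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def triage(line):
    """Parse one O4 Run-key line; return None for any other kind of line."""
    match = O4_RUN.match(line.strip())
    if not match:
        return None
    path = image_path(match.group("cmd"))
    directory, filename = ntpath.split(path)
    directory, filename = directory.lower(), filename.lower()
    reasons = []
    expected = EXPECTED_DIR.get(filename)
    # A bare file name has no directory to compare, so it is not judged here.
    if expected and directory and directory != expected:
        reasons.append(f"{filename} found in {directory}, expected {expected}")
    if "\\temp\\" in directory + "\\":
        reasons.append("runs from a Temp directory")
    return {
        "hive": match.group("hive"),
        "name": match.group("name"),
        "image": path,
        "reasons": reasons,
    }


def scan(log_text):
    """Return the Run-key entries in a HijackThis log that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = triage(line)
        if entry and entry["reasons"]:
            findings.append(entry)
    return findings


# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['hive']} [{finding['name']}] {finding['image']}")
        for reason in finding["reasons"]:
            print(f"    review: {reason}")
```
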
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
21-Aug-2008, 08:02 PM #11
otmoveits log and combofix log
Here is the OTMoveIt2 response I got.

File/Folder C:\WINDOWS\winlogon.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_182433


Here is the combofix log:
ComboFix 08-08-21.01 - Michele Johnson 2008-08-21 18:34:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -5:00]
Running from: C:\Documents and Settings\Michele Johnson\My Documents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85449
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85645
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86258
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86632
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87726
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87733
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87752
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\8941
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\89658
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90163
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90371
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91224
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91589
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\92886
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93899
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93913
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94430
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95645
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95678
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704
C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95825
Chelejohnson1
21-Aug-2008, 08:04 PM #12
2nd part of combo fix log
C:\Documents and Settings\Billy Johnson\Local Settings\Temporary Internet Files\Tvm.log
C:\Documents and Settings\Michele Johnson\Local Settings\Temporary Internet Files\Tvm.log
C:\Redemption.ECF
C:\WINDOWS\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-21 16:56 . 2008-08-21 16:56 <DIR> d-------- C:\_OTMoveIt
2008-08-21 16:32 . 2008-08-21 16:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-19 21:42 . 2008-08-19 23:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-19 20:51 . 2008-05-01 09:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-19 20:50 . 2008-04-11 13:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-19 20:40 . 2008-08-19 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-19 20:39 . 2008-08-19 20:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-19 20:39 . 2008-08-19 20:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 20:39 . 2008-08-19 20:39 <DIR> d-------- C:\Documents and Settings\Michele Johnson\Application Data\SUPERAntiSpyware.com
2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Documents and Settings\Michele Johnson\Application Data\Malwarebytes
2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 20:21 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 20:21 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 17:57 . 2008-08-14 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 17:18 . 2008-06-23 11:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-13 17:18 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-13 17:18 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-13 17:18 . 2008-06-23 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-13 17:18 . 2008-06-23 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-13 17:18 . 2008-06-23 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-13 17:18 . 2008-06-23 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-13 17:18 . 2008-06-23 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-13 17:18 . 2008-06-23 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-10 17:28 . 2008-08-10 17:58 <DIR> d-------- C:\Program Files\RegistryFix7
2008-07-28 00:58 . 2008-07-28 00:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-27 20:33 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-27 20:33 . 2008-05-08 07:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-27 20:29 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-27 20:29 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-27 20:29 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-27 20:29 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 02:02 --------- d-----w C:\Program Files\SEP
2008-08-20 02:02 --------- d-----w C:\Program Files\eSyndicate
2008-07-27 21:31 --------- d-----w C:\Program Files\BigFix
2008-07-27 20:37 --------- d-----w C:\Program Files\Common Files\midaddle
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 03:20 --------- d-----w C:\Documents and Settings\Michele Johnson\Application Data\AdobeUM
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2005-02-12 20:27 28 ----a-w C:\Documents and Settings\Billy Johnson\Application Data\tvmcwrd.dll
2005-02-11 04:31 34 ----a-w C:\Documents and Settings\Michele Johnson\Application Data\tvmcwrd.dll
2006-03-31 22:03 475 --sh--w C:\WINDOWS\system32\jzuz.dll
2005-01-11 14:13 401,408 --sh--r C:\WINDOWS\system32\?hkdsk.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 15:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 13:30 70816]
"Sunkisk2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-01-17 19:53 135168]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 19:01 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 15:38 319488]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 18:18 135168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-29 13:27 180269]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 12:24 106557]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 05:28 172032]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 23:53 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 23:42 659456]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-20 23:17 155648]
"CHotkey"="zHotkey.exe" [2003-06-03 14:01 496640 C:\WINDOWS\zHotkey.exe]
C:\Documents and Settings\Michele Johnson\Start Menu\Programs\Startup\
LifeDriveT Manager.lnk - C:\Program Files\palmOne\LifeDriveMgrTray.exe [2005-04-21 17:05:06 86016]
MyWebSearch Email Plugin.lnk - C:\Avenger\MWSOEMON.EXE [2004-06-14 21:03:32 28672]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-04-21 19:44:32 2355200]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-03-02 03:35:34 1742384]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 15:16:08 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
MyWebSearch Email Plugin.lnk - C:\Avenger\MWSOEMON.EXE [2004-06-14 21:03:32 28672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-09-04 22:12:38 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\palmOne\\Hotsync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 faeda803-a173-4004-aa1d-85c3a0855a7e;faeda803-a173-4004-aa1d-85c3a0855a7e;D:\CDS300\cds300.dll []
S3 SunkFilt92;Alcor Micro Corp - 9362;C:\WINDOWS\System32\Drivers\sunkfilt92.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-21 C:\WINDOWS\Tasks\HP Usg Daily FY04.job
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 23:53]
2008-01-19 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2003-12-04 18:22]
2004-06-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll
WebBrowser-{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - (no file)
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-H0s2RRN6V - wsh3dmod.exe
HKLM-Run-xzyzjvp - C:\WINDOWS\System32\ozhpqga.exe
HKLM-Run-2N85L533MR#GJT - C:\WINDOWS\System32\UflSN7p.exe
HKLM-Run-zgzqj - C:\WINDOWS\zgzqj.exe
HKLM-Run-R4pKEFsI - C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
HKLM-Run-NTCACHEF - C:\WINDOWS\System32\NTCACHEF.exe
HKLM-Run-033S35h - wupcp.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.emachines.com/
O8 -: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 18:41:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-21 18:47:00
ComboFix-quarantined-files.txt 2008-08-21 23:46:55
Pre-Run: 107,290,640,384 bytes free
Post-Run: 107,994,001,408 bytes free
488 --- E O F --- 2008-08-21 06:30:07
Chelejohnson1
21-Aug-2008, 08:05 PM #13
part 3 of 3 hijackthis log after combofix ran
new hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:36 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Avenger\MWSOEMON.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\CF19974.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9449 bytes



Michele johnson
eddie5659
Moderator & Malware Removal Specialist with 28,115 posts.
 
Join Date: Mar 2001
Location: Bradford, England
22-Aug-2008, 01:23 PM #14
That's looking a lot better, but there's still some stuff to remove.

First of all, there is a file that I want checked out, as it helps us find new malware.

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\jzuz.dll
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Let me know when it's been uploaded.

In the meantime, do this:

Re-open HiJackThis and choose Do a system scan only. Check the boxes of all the entries listed below.

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove this entry from Add/Remove Programs in the Control Panel (if present):

MyWebSearch

Please delete this folder using Windows Explorer (if present):

C:\Program Files\MyWebSearch\

Reboot to Windows, and post a fresh Hijack Log.
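
An added example (not part of the thread, and not a HijackThis feature): a small Python parser for the log lines above that matches a fix list against a log by section code and item name rather than by whole line, and reports where the file path in the log differs from the one in the list, as it does for the MyWebSearch startup entries here. The function names are illustrative; the sample lines are copied from this page.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # item name left of " = " (or the first " - "), lowercased
    target: str   # file path or URL; empty when the line has neither separator
    raw: str

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Parse HijackThis result lines; header and process-list lines are skipped."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = LINE_RE.match(line)
        if m:
            section, detail = m.groups()
            name, _, target = detail.partition(" = " if " = " in detail else " - ")
            entries.append(Entry(section, name.strip().lower(), target.strip(), line))
    return entries

def to_fix(log, fix_list):
    """Return (raw log line, target_differs) for log entries named in the fix list."""
    wanted = {(f.section, f.name): f.target.lower() for f in fix_list}
    return [(e.raw, wanted[e.section, e.name] != e.target.lower())
            for e in log if (e.section, e.name) in wanted]

def orphaned(log):
    """Entries HijackThis itself marked as pointing at no file on disk."""
    return [e.raw for e in log if e.target.endswith(("(file missing)", "(no file)"))]

# Lines copied from the log and the reply on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
"""
FIX_LIST = r"""
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
"""
if __name__ == "__main__":
    for raw, differs in to_fix(parse_log(SAMPLE_LOG), parse_log(FIX_LIST)):
        print("FIX " + ("(path differs) " if differs else "") + raw)
```
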
Chelejohnson1
Junior Member with 11 posts.
THREAD STARTER
 
Join Date: Aug 2008
22-Aug-2008, 04:50 PM #15
upload malware
The file was sent.