
Invalid syntax error

Discussion in 'Virus & Other Malware Removal' started by Blwnblue, Sep 13, 2006.

  1. Blwnblue

    Blwnblue Thread Starter

    Joined:
    Sep 8, 2006
    Messages:
    22
    From this website is bombarding my computer..please assist....maybe I'm trying to jump the gun but I included the logs for both HJT and SFF


    Logfile of HijackThis v1.99.1
    Scan saved at 10:51:06 AM, on 9/13/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\RunServices: [] p2pnetworking.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\jtjq0715e.dll (file missing)
    O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\MPOEACCT.DLL
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe





    SmitFraudFix v2.87

    Scan done at 10:53:46.82, Wed 09/13/2006
    Run from C:\Program Files\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joe Casas Jr\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOECAS~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
    · Close all windows before continuing.
    · Double-click Look2Me-Destroyer.exe to run it.
    · Click the Scan for L2M button. Your desktop icons will disappear; this is normal.
    · Once it's done scanning, click the Remove L2M button.
    · You will receive a Done Scanning message, click OK.
    · When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    · Your computer will then shut down.
    · Turn your computer back on.
    · Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
    =====================

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · then select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Select "Automatically generate report after every scan"
    · Un-Select "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · Look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  3. Blwnblue

    Blwnblue Thread Starter

    Joined:
    Sep 8, 2006
    Messages:
    22
    Downloaded Look2Me but its action buttons are greyed out...they are not selectable to run the application
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    * Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." ...then do one of the following:

    1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
    2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
    Do not run the fix portion without fixing the error first.
    After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
     
  5. Blwnblue

    Blwnblue Thread Starter

    Joined:
    Sep 8, 2006
    Messages:
    22
    Ok, so I downloaded the above l2mfix and did as you instructed, got BOTH errors that you named...so then I proceeded to click #5 and got another error "Windows cannot find 'http://tech-forums.net/computer/topic/29806.html'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search." No matter which of the above two ways I go, I'm guessing that thread no longer exists...
     
  6. Blwnblue

    Blwnblue Thread Starter

    Joined:
    Sep 8, 2006
    Messages:
    22
    I was able to run ewido and this is what it came back w/.

    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq675.tmp -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Trafficmp : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6310.tmp -> TrackingCookie.Trafficmp : Cleaned.
    C:\WINDOWS\Temp\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Tribalfusion : Cleaned.
    C:\WINDOWS\Temp\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Valueclick : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6311.tmp -> TrackingCookie.Valueclick : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6312.tmp -> TrackingCookie.Webtrendslive : Cleaned.
    C:\WINDOWS\Temp\Cookies\joe casas [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Cookies\joe casas [email protected][1].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Local Settings\Temp\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Local Settings\Temp\Cookies\joe casas [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\Temp\Cookies\joe casas [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6313.tmp -> TrackingCookie.Zedo : Cleaned.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Joe Casas Jr\Local Settings\Temp\NI.UWA6P_0001_N69M0303\setup.exe -> Trojan.Fakealert : Cleaned.


    ::Report end
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  8. Blwnblue

    Blwnblue Thread Starter

    Joined:
    Sep 8, 2006
    Messages:
    22
    Logfile of HijackThis v1.99.1
    Scan saved at 6:20:37 AM, on 9/16/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [] p2pnetworking.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You didn't post the log from Combo


    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O4 - HKLM\..\RunServices: [] p2pnetworking.exe

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\p2pnetworking.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
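
The autorun entry singled out in the post above (an O4 line with an empty value name and a bare file name) can be picked out of a HijackThis log mechanically. The Python below is an added example, not part of the thread or of HijackThis itself; the two heuristics and all function names are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re

# O4/O8 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [] p2pnetworking.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
"""

# Registry autorun format: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A command counts as fully qualified if it starts (optionally quoted) with a
# drive letter, a UNC prefix, or an environment variable.
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')


def parse_o4(line):
    """Return the fields of a registry autorun O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry):
    """Assumed heuristics: list the reasons an entry deserves a manual look."""
    reasons = []
    if not entry["name"].strip():
        reasons.append("empty value name")
    if not FULL_PATH_RE.match(entry["cmd"]):
        reasons.append("no full path in command")
    return reasons


def review_log(text):
    """Return (key, command, reasons) for every O4 registry entry that is flagged."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry autorun line (O8, O9, Startup folder, ...)
        reasons = triage(entry)
        if reasons:
            findings.append((entry["key"], entry["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for key, cmd, reasons in review_log(SAMPLE_LOG):
        print(f"{key}: {cmd} -> {', '.join(reasons)}")
```

A flagged entry is only a pointer for review: legitimate software also registers autoruns without a full path, so each hit still needs to be checked by hand before anything is removed.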
     