TheTechGuide Forum
General Category => Tech Clinic => Topic started by: dlo8 on January 07, 2005, 06:05:04 PM
-
i have tried to scan with spybot and adaware.. everytime something come up on the programs then i would clean it, and then it would be fine
if i reboot.. then when i scan again.. the same spyware stuff pop up, so i have to clean it again..
i need help to remove these spyware on my computer permanently.. even after i reboot after scan
can someone help me please?
Logfile of HijackThis v1.99.0
Scan saved at 3:43:02 PM, on 1/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Desktop Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = %SystemRoot%\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clie...nts/y/st2_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/st2_x.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab\")
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab (http://\"http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (http://\"http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)
-
Can you do me a favor and the next time you reboot
Don't fix anything
Do another scan with Hijackthis and post a fresh log
I need to see completely what's infecting you
-
sure.. here you go.. please help
Logfile of HijackThis v1.99.0
Scan saved at 11:29:02 PM, on 1/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Desktop Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = %SystemRoot%\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clie...nts/y/st2_x.cab (http://\"http://download.games.yahoo.com/games/clients/y/st2_x.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab\")
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab (http://\"http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab\")
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\")
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (http://\"http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\")
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)
-
There's just a little cleanup to do in your log, but first can you let me know
the same spyware stuff pop up
What things are found by spybot
Can you let me know what that is, and is your version of Spybot right up to date
Can you search for updates--Download all updates--There were just recent ones and run another scan, thanks
After the scan is complete in the Results Pane
Right click in the box and save a Report
Save it to your desktop
Copy and paste the Results back here, thanks
-
i got spybot 1.3.1 tx the newest one
and i updated, and then i scan...
39 problem.. fixed them all
heres spybot log
--- Search result list ---
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Gator: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.3 .1TX (build: 20040801) ---
2004-05-12 blindman.exe (1.0.0.0)
2004-08-30 SpybotSD.exe (1.3.0.12)
2004-05-12 TeaTimer.exe (1.3.0.12)
2004-06-15 unins000.exe (51.15.0.0)
2004-05-12 Update.exe (1.3.0.0)
2004-10-04 advcheck.dll (1.0.1.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2004-05-12 SDHelper.dll (1.3.0.12)
2004-05-12 Tools.dll (2.0.0.0)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
--- Startup entries list ---
Located: HK_LM:Run, DiskeeperSystray
command: "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
file: C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
size: 180312
MD5: 3d85b07308c7b968419273ef6b1dfc35
Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f
Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
size: 169096
MD5: c39294d45e86155690266d05b2da6d77
Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
file: C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 124128
MD5: 5972a3384ebceaeb99f4216e77ebed59
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
size: 169096
MD5: c39294d45e86155690266d05b2da6d77
Located: HK_CU:Run, SIDEBAR
command: "C:\Program Files\Desktop Sidebar\sidebar.exe"
file: C:\Program Files\Desktop Sidebar\sidebar.exe
size: 663552
MD5: 6daa0a08dc6e329188e03b490293e951
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d
Located: HK_CU:Run, STYLEXP
command: C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
file: C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
size: 25214
MD5: 850e31369379d2f915fe177d5e177f68
Located: Startup (user), AntiCrash.lnk
command: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
file: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
size: 2301798
MD5: d650e0bb24c1c4d796fd2e88e8fdfeff
Located: Startup (user), Hare.lnk
command: C:\Program Files\Dachshund Software\Hare\Hare.exe
file: C:\Program Files\Dachshund Software\Hare\Hare.exe
size: 1874381
MD5: a4df641cda8a91a844b1f069ca2daf4c
Located: WinLogon, crypt32chain
command: crypt32.dll
Located: WinLogon, cryptnet
command: cryptnet.dll
Located: WinLogon, cscdll
command: cscdll.dll
Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 83176
MD5: 55dc54c87fa324a4cd32b3b407307671
Located: WinLogon, ScCertProp
command: wlnotify.dll
Located: WinLogon, Schedule
command: wlnotify.dll
Located: WinLogon, sclgntfy
command: sclgntfy.dll
Located: WinLogon, SensLogn
command: WlNotify.dll
Located: WinLogon, termsrv
command: wlnotify.dll
Located: WinLogon, wlballoon
command: wlnotify.dll
--- Browser helper object list ---
{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
BHO name:
CLSID name: IeCatch2 Class
description: FlashGet
classification: Open for discussion
known filename: Jccatch.dll
info link: http://www.amazesoft.com/ (http://\"http://www.amazesoft.com/\")
info source: TonyKlein
Path: C:\PROGRA~1\FlashGet\
Long name: Jccatch.dll
Short name:
Date (created): 4/28/2004 12:55:44 PM
Date (last access): 1/8/2005 1:03:12 AM
Date (last write): 1/16/2002 6:12:18 PM
Filesize: 65536
Attributes:
MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
CRC32: B1AEC78B
Version: 0.1.0.1
{C333CF63-767F-4831-94AC-E683D962C63C} (TGTSoft Explorer Toolbar Changer)
BHO name: TGTSoft Explorer Toolbar Changer
CLSID name: CoTGT_BHO Class
Path: C:\Program Files\TGTSoft\StyleXP\
Long name: TGT_BHO.dll
Short name:
Date (created): 10/25/2004 1:32:22 PM
Date (last access): 1/8/2005 1:03:04 AM
Date (last write): 10/25/2004 1:32:22 PM
Filesize: 49152
Attributes: archive
MD5: 173F42E9A3281F408807404720D41105
CRC32: 6906889A
Version: 255.255.255.255
--- ActiveX list ---
Yahoo! Spades (Yahoo! Spades)
DPF name: Yahoo! Spades
CLSID name:
{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Shockwave 10\
Long name: Download.dll
Short name:
Date (created): 9/9/2004 3:36:40 PM
Date (last access): 12/29/2004 7:22:06 PM
Date (last write): 9/9/2004 3:36:40 PM
Filesize: 79048
Attributes: archive
MD5: 88E179D4DCBFE9C9D4BF796EC3E4BF76
CRC32: E90FC00F
Version: 0.10.0.1
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 5/29/2003 4:00:22 PM
Date (last access): 1/8/2005 1:02:52 AM
Date (last write): 5/29/2003 4:00:22 PM
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 0.7.0.1
{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EPUWalcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 5/15/2004 1:14:18 PM
Date (last access): 1/8/2005 1:02:52 AM
Date (last write): 5/15/2004 1:14:18 PM
Filesize: 884736
Attributes: archive
MD5: ACBDA0F01F0A678AB5E6CC9080708C7D
CRC32: B21B099F
Version: 0.1.0.0
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
DPF name:
CLSID name:
{4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class)
DPF name:
CLSID name: dldisplay Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ghdlctl.dll
Short name:
Date (created): 11/16/2003 10:02:40 PM
Date (last access): 1/8/2005 1:02:52 AM
Date (last write): 11/16/2003 10:02:40 PM
Filesize: 73728
Attributes: archive
MD5: 618A9D0EDB1046586B7467F9907BEB80
CRC32: C8371131
Version: 0.3.0.2
{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 5/29/2003 4:00:20 PM
Date (last access): 1/8/2005 1:02:52 AM
Date (last write): 5/29/2003 4:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
DPF name:
CLSID name:
--- Process list ---
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 276 ( 864) C:\WINDOWS\system32\slserv.exe
PID: 304 ( 864) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PID: 508 ( 864) wdfmgr.exe
PID: 552 ( 864) C:\WINDOWS\System32\wltrysvc.exe
PID: 576 ( 864) C:\WINDOWS\system32\svchost.exe
PID: 584 ( 552) C:\WINDOWS\System32\bcmwltry.exe
PID: 720 ( 4) \SystemRoot\System32\smss.exe
PID: 792 ( 720) csrss.exe
PID: 820 ( 720) \??\C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 864 ( 820) C:\WINDOWS\system32\services.exe
PID: 876 ( 820) C:\WINDOWS\system32\lsass.exe
PID: 1020 ( 864) C:\WINDOWS\system32\svchost.exe
PID: 1096 ( 864) svchost.exe
PID: 1136 ( 864) C:\WINDOWS\System32\svchost.exe
PID: 1164 ( 864) C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PID: 1256 ( 864) svchost.exe
PID: 1332 ( 864) svchost.exe
PID: 1348 ( 864) alg.exe
PID: 1496 (1688) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PID: 1536 (1688) C:\Program Files\Messenger Plus! 3\MsgPlus.exe
PID: 1548 (1688) C:\PROGRA~1\SYMANT~1\VPTray.exe
PID: 1572 (1688) C:\Program Files\Desktop Sidebar\sidebar.exe
PID: 1636 (1688) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1680 ( 864) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 1688 (1660) C:\WINDOWS\Explorer.EXE
PID: 1696 (1688) C:\WINDOWS\system32\ctfmon.exe
PID: 1772 ( 864) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 1892 ( 864) C:\WINDOWS\system32\spoolsv.exe
PID: 1996 ( 864) C:\Program Files\Symantec AntiVirus\DefWatch.exe
PID: 2016 ( 864) C:\Program Files\Executive Software\Diskeeper\DkService.exe
PID: 2444 (1688) C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2912 (1464) C:\WINDOWS\Integrator.exe
PID: 3016 (1688) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3252 (1572) C:\Program Files\Windows Media Player\wmplayer.exe
Spybot - Search && Destroy process list report, 1/8/2005 1:07:15 AM
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 1/8/2005 1:07:15 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\")
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com (http://\"http://www.google.com\")
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/ (http://\"http://www.google.com/\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home (http://\"http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.averatec.com (http://\"http://www.averatec.com\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch (http://\"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchasst.htm (http://\"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm\")
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchcust.htm (http://\"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm\")
--- Winsock Layered Service Provider list ---
-
Nothing too malcious at first glance, except for some Tracking cookies
and I would also Access your Add/Remove Programs and remove if found
MyPoints_PointAlert
Restart your computer if it's removed
You could install this free program
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
Check for updates every couple of weeks
after every update just simply enable all protection
You could delete all your cookies and temp folders
Or download and Install this small program
to help clean your temp folders,cookies, prefetch folder, etc...
Windows Cleanup (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
Once installed Open the program and click the CleanUp! button
Let it Scan for files, when it's complete it will prompt you to log off
Don't do it at this time
Do another scan with Hijackthis and put a check next to these entries:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis
RESTART your computer and delete this folder
C:\Program Files\MyPoints_PointAlert
Post back a fresh Hijackthis log afterwards
If any entries can't be removed with Hijackthis we will have to disable Spybot's Tea Timer until the fixes are complete