Messages - karnage

1
Tech Clinic / check up need IE acting strange
« on: December 09, 2005, 06:39:40 PM »
my Firefox is on Direct Connection. IE seems to b workin ok now.. but i cannot login to yahoo mail on IE.. but i CAN with Firefox. let me know wat u think. Thanks


here is wat u requested:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

2
Tech Clinic / check up need IE acting strange
« on: December 08, 2005, 12:07:16 AM »
bump :) 2nd check as requested :) thanks

3
Tech Clinic / check up need IE acting strange
« on: December 06, 2005, 05:57:23 AM »
Here is a fresh report, from after i followed ur instructions. IE is still having trouble displaying some pages (like yahoo.com); it takes a few refreshes for some pages to show up. i am using Firefox atm which is fine.
any other advice would b greatly appreciated. Thank you for ur help.




Logfile of HijackThis v1.99.1
Scan saved at 9:51:12 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1043fm.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe

4
Tech Clinic / check up need IE acting strange
« on: December 06, 2005, 12:42:43 AM »
bump. any help plz :)

5
Tech Clinic / check up need IE acting strange
« on: December 04, 2005, 05:27:49 AM »
bump :)

6
Tech Clinic / check up need IE acting strange
« on: December 03, 2005, 06:16:22 AM »
a few days ago.. my IE was often showing "PAGE CANNOT BE DISPLAYED" and pictures were often not showing up.
i have since installed Firefox, and it looks ok.. but can sum1 plz check my log to see if my IE got bugged. Thanks for all ur help

Logfile of HijackThis v1.99.1
Scan saved at 9:56:59 PM, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1043fm.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe

7
Tech Clinic / Guestolo plz Help. Malware
« on: July 08, 2005, 01:20:00 AM »
THANKS A LOT, Guestolo. Your time and effort is TRULY APPRECIATED. i have installed Ie-Spyad... so hopefully i can stay clean. :) THANKS

8
Tech Clinic / Guestolo plz Help. Malware
« on: July 07, 2005, 01:38:20 AM »
i have deleted AVGOLD from the UNINSTALL list in Hijack Manager.. HERE is a fresh hijack log. I HAVE NOT put any spaces in it. THEY are all direct Cut and paste jobs :)
-------
YES i did find and delete the shortcut: BUT it was in another user folder, NOT the ADMINISTRATOR. like u told me to do

 [Could you also delete this entry if found, in bold
Let me know if you found it
C:\Documents and Settings\Administrator\Start Menu\Programs\antivirusgold]
----------- THANKS A LOT.. any more info for me???

Logfile of HijackThis v1.99.1
Scan saved at 4:49:20 PM, on 7/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1043fm.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe

9
Tech Clinic / Guestolo plz Help. Malware
« on: July 06, 2005, 01:23:10 AM »
sorry.. i missed this bit: and accidentally BLOCKED the change
------
"Remember, don't let Microsoft Anti-Spyware interfere with any fixes
If I didn't warn you before
If MAS prompts about any changes
Allow them, so it won't interfere"
--------------

BUT then i REPEATED the Smitfraud.reg step and the Cleanup! scan.
Then i ALLOWED the changes in Microsoft Anti-Spyware.

The MSN DOES NOT appear any more and the flashing yellow ! sign has not appeared. ONE MORE thing tho...: there are still AVGOLD, ONLINE DATING and REMOVE SPYWARE icons on my desktop. WHAT is the best way to remove those ?? THANKS

Here is a fresh Hijack this log: and a REPORT from Ewido suite 3.5. THANKS A LOT FOR ALL UR HELP :)


Logfile of HijackThis v1.99.1
Scan saved at 4:23:13 PM, on 6/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe



AND HERE is the EWIDO report.. THANKS


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:03:35 PM, 6/07/2005
 + Report-Checksum:      F54D3D14

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{CDC6E08A-2B2E-4A7F-9AFF-78D55FCB2591} -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75D2080B-4857-4B96-9B7D-732634FBD01F} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75D2080B-4857-4B96-9B7D-732634FBD01F} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-329068152-1757981266-725345543-1004\Software\SCom -> Dialer.Generic : Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\42C3BD9C-F333-4EDF-94D2-C90591\4A176CB4-B7EA-4A61-8811-E3379C -> Spyware.180Solutions.b : Cleaned with backup


::Report End

10
Tech Clinic / Guestolo plz Help. Malware
« on: July 06, 2005, 12:18:16 AM »
ok.. i will now try this. I have just downloaded the new Ewido Suite and new definitions.. SO i can try those if u need me to later.. THANKS


I will give u a new LOG from hijack... in my next log. THANKS

11
Tech Clinic / Guestolo plz Help. Malware
« on: July 05, 2005, 11:45:00 PM »
bump.
So, i still get MSN popping up.. and a FLASHING ! alert icon pops up in the icon tray.. the link is to various ANTI-SPYWARE sites. Do i need to run some other scan... or should i try re-installing the Ewido software... tho i am still having trouble accessing their site.

There are my logs. I keep forgetting to log-in. THANKS

12
Tech Clinic / Guestolo plz Help. Malware
« on: July 05, 2005, 08:52:59 PM »
my Ewido is having trouble connecting to its AUTO Update site.. my last update was 2/7/05. Will this be ok? i will now follow ur instructions.. THANKS

13
Tech Clinic / Guestolo plz Help. Malware
« on: July 05, 2005, 02:04:04 AM »
ON THE desktop wallpaper; there is blue screen with white text which reads:
"SECURITY WARNING                  A FATAL ERROR IN IE HAS OCCURED.......    ERROR WAS CAUSED BY TROJAN-SPY.HTML.SMITFRAUD.C......."


when i start my IE browser: oneclicksearches.com appears.

ALSO here is an Uninstall list from HiJackThis. Another strange thing is.. when i turn on the PC.. a different version of MSN Messenger starts up automatically.. EVEN THO the options settings have this feature DISABLED..


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0
AntivirusGold 2.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVI Joiner version 1.0
Basketball Playbook 008
CleanUp!
Codec Pack - All In 1 6.0.2.3
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DivX Player
DivxToDVD 0.5.2b
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Dynalink RTA100+ USB
EA Network Play System
EA SPORTS online 2005
EasyCleaner
ES C41 Problem Solver
ESPNMotion
e-tax 2005
ewido security suite
Express Setup
FlashGet(JetCar)
GTA San Andreas
HijackThis 1.99.1
HJ-Split 2.2
hp deskjet 3500
hp deskjet 3500 series
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Software Update
ICQ 4.1
InCD (Ahead Software)
Internet Update
Java 2 Runtime Environment Standard Edition v1.3.0_01
LimeWire
LiveUpdate
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.0
Musicmatch® Jukebox
Mustek 1200 UB Plus v1.3
Nero 6 Ultra Edition
NeroVision Express 3
Norton AntiVirus Corporate Edition 7.0 for Windows NT
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
PowerDVD
QuickTime
ReNamer 1.80
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Texas Hold 'Em
Update for Windows XP (KB898461)
VSO CopyToDVD 3
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series TweakMP PowerToy
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

14
Tech Clinic / Guestolo plz Help. Malware
« on: July 05, 2005, 01:01:10 AM »
bump

15
Tech Clinic / Guestolo plz Help. Malware
« on: July 04, 2005, 06:33:51 AM »
Malware has put itself on my pc. Antivirus Gold and Online Dating as well as a fake Spyware Remover program have taken over. My desktop wallpaper has been taken over... and temporarily i was not able to use Internet Explorer.
Here is a HiJackThis log and a Microsoft AntiSpyware report. I had SpySheriff on my pc a few weeks ago, and was able to erase that. But this is different. Any help would be appreciated... THANKS
------------------------------
I ran a Microsoft AntiSpyware scan.. and it showed the following detections.. So i removed and quarantined them. Then did another HiJackThis log (Below). Then i did another Antivirus scan.. which came up clean... CAN U plz help with the removal of the malware and return my desktop to normal.. THANKS


-----------
AND HERE IS A MICROSOFT AntiSpyware report:
-----------------
Spyware Scan Details
Start Date: 4/07/2005 9:18:29 PM
End Date: 4/07/2005 9:36:30 PM
Total Time: 18 mins 1 secs

Detected Threats

EGroup Dialer Dialer  more information...
Details: EGroup Dialer is an ActiveX control for premium-rate dialers, usually for adult content sites.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\windows\tmlpcert2005

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\BD8400524261DF1ADBD8860F22C9CE2B97471448
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\BD8400524261DF1ADBD8860F22C9CE2B97471448


Messenger.VirusWarning Trojan  more information...
Details: Messenger.VirusWarning runs approximately every 10 minutes and displays a pop-up message telling you that the computer is infected with a virus.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\system32\msmsgs.exe


Hotbar Adware  more information...
Details: Hotbar adds graphical skins to Internet Explorer, Outlook, and Outlook Express, and also adds its own toolbar. Hotbar monitors all Web sites the user visits and displays pop-up ads.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected files detected
c:\windows\downloaded program files\hotbar.inf

Infected folders detected
c:\program files\hotbar
c:\program files\hotbar\bin
c:\program files\hotbar\bin\4.5.1.0

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}
HKEY_CLASSES_ROOT\clsid\{a54814c0-40f3-4249-8528-b4922cd2964e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\InprocServer32 C:\Program Files\Hotbar\bin\4.3.2.0\HbHostOL.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\ProgID HbHostOL.HbCmndbarESink.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\TypeLib {6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\VersionIndependentProgID HbHostOL.HbCmndbarESink
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b} HbCmndbarESink Class
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\InprocServer32 C:\Program Files\Hotbar\bin\4.3.2.0\HbHostOL.dll
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\ProgID HbHostOL.HbCmndbarESink.1
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\TypeLib {6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b}\VersionIndependentProgID HbHostOL.HbCmndbarESink
HKEY_CLASSES_ROOT\clsid\{1e24f8a0-5965-4902-90d4-08534e9adf3b} HbCmndbarESink Class
HKEY_CLASSES_ROOT\clsid\{6fb2639a-4ba3-4531-8db8-fab03e0a8ffd}
HKEY_CLASSES_ROOT\clsid\{954814c0-40f3-4249-8528-b4922cd2964e}


Detected Spyware Cookies
No spyware cookies were found during this scan.

-------------------
HIJACK THIS LOG
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:50:45 PM, on 4/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hookdump.exe
C:\WINDOWS\system32\intmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp935C.tmp
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\system32\intel32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe



16
Tech Clinic / spysheriff removal plz? Log is there.
« on: June 22, 2005, 01:11:00 AM »
a BIG THANKS for your help, Guestolo. i appreciate all the help... time and effort! :) THANKS

17
Tech Clinic / spysheriff removal plz? Log is there.
« on: June 22, 2005, 12:39:06 AM »
bump

18
Tech Clinic / spysheriff removal plz? Log is there.
« on: June 21, 2005, 02:10:18 AM »
thanks for your help :)
Ewido was also giving me a msg about finding a trojan. I used the block and clean feature.. i hope your instructions got rid of this too.

I followed your guide and everything came up clean. i was able to delete everything u checked in CleanUp! Fxitbar.exe was CLEAN. and Spybot 1.4 was CLEAN. I have posted a fresh HiJackThis log so u can check. And then i did another Ewido scan, which is also posted. ALSO, can u suggest anything to give me the best chance of being virus and Malware free. THANKS A LOT
------------
Logfile of HijackThis v1.99.1
Scan saved at 4:59:27 PM, on 21/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Navnt\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1043fm.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Navnt\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C524245-1E41-4470-BE3B-ED5273702536}: NameServer = 203.9.148.7
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\Navnt\rtvscan.exe

AND:  Ewido Scan

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:58:06 PM, 21/06/2005
 + Report-Checksum:      AAC693BF

 + Date of database:      20/06/2005
 + Version of scan engine:   v3.0

 + Duration:            40 min
 + Scanned Files:         73234
 + Speed:            30.17 Files/Second
 + Infected files:         3
 + Removed files:         3
 + Files put in quarantine:      3
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\
   G:\

 + Scan result:
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End

19
Tech Clinic / spysheriff removal plz? Log is there.
« on: June 20, 2005, 07:02:17 AM »
And another Ewido STARTUP SCAN: thanks for taking the time to look :)


---------------------------------------------------------
 ewido security suite - Startup report
---------------------------------------------------------

 + Created on:         6:50:23 PM, 20/06/2005
 + Report-Checksum:      8CA1C82

Reg\HKLM\Run         vptray                                   C:\Program Files\Navnt\vptray.exe                                                                  
Reg\HKLM\Run         HPDJ Taskbar Utility                     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe                                            
Reg\HKLM\Run         DIGStream                                C:\Program Files\DIGStream\digstream.exe                                                            
Reg\HKLM\Run         gcasServ                                 "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"                                              
Reg\HKLM\Run         Parallel Tasking                         C:\Program Files\Parallel Tasking\ptask.exe                                                        
Reg\HKLM\Run         QuickTime Task                           "C:\Program Files\QuickTime\qttask.exe" -atboottime                                                
Reg\HKLM\Run         ATIPTA                                   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe                                    
Reg\HKLM\Run         EkMV÷h$vùõš/‚²‘ÆßfC:\Program Files\ISTsvc\istsvc.exe C:\WINDOWS\lgpqslwi.exe                                                                            
Reg\HKLM\Run         Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe C:\WINDOWS\lgpqslwi.exe                                                                            
Reg\HKLM\Run         mmtask                                   "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"                                        
Reg\HKLM\Run         NeroFilterCheck                          C:\WINDOWS\system32\NeroCheck.exe                                                                  
Shell\CommonStartup  Adobe Reader Speed Launch.lnk            C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Shell\CommonStartup  Microsoft Office.lnk                     C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk

20
Tech Clinic / spysheriff removal plz? Log is there.
« on: June 20, 2005, 03:28:42 AM »
thanks for your help.. i'll be eagerly waiting... thanks Guestolo
here is more info:

Ewido Full PC Scan:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:39:04 PM, 20/06/2005
 + Report-Checksum:      9F53940

 + Date of database:      19/06/2005
 + Version of scan engine:   v3.0

 + Duration:            40 min
 + Scanned Files:         75045
 + Speed:            30.56 Files/Second
 + Infected files:         9
 + Removed files:         9
 + Files put in quarantine:      9
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\
   G:\

 + Scan result:
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\Documents and Settings\vas.VAS-YTESNNF1SB8\Cookies\vas@S002-00-7-6-156149-16089[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
   C:\WINDOWS\Temp\APQ23.tmp -> TrojanDownloader.IstBar.is -> Cleaned with backup
   C:\WINDOWS\Temp\APQ24.tmp -> Trojan.Patcher.a -> Cleaned with backup


::Report End

AND: Uninstall list from HiJackThis:

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVI Joiner version 1.0
Basketball Playbook 008
CleanUp!
CloneCD
ClonyXXL
Codec Pack - All In 1 6.0.2.3
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DivX Player
DivxToDVD 0.5.2b
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Dynalink RTA100+ USB
EA Network Play System
EA SPORTS online 2005
EasyCleaner
ES C41 Problem Solver
ESPNMotion
ewido security suite
Express Setup
FlashGet(JetCar)
HijackThis 1.99.1
HJ-Split 2.2
hp deskjet 3500
hp deskjet 3500 series
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Software Update
ICQ 4.1
InCD (Ahead Software)
Java 2 Runtime Environment Standard Edition v1.3.0_01
LimeWire
LiveUpdate
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.0
Musicmatch® Jukebox
Mustek 1200 UB Plus v1.3
Nero 6 Ultra Edition
NeroVision Express 3
Norton AntiVirus Corporate Edition 7.0 for Windows NT
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
PowerDVD
QuickTime
ReNamer 1.80
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Texas Hold 'Em
VSO CopyToDVD 3
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series TweakMP PowerToy
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Zero Hour : Reloaded
