Everything posted by timfarley

  1. Yes, there have been no noticeable problems. I ran a complete MBAM scan as well as Spybot. Other than a couple of cookies, nothing found. I noticed that with the new McAfee Security Center, it would launch a warning dialog box when a suspect website was reached (i.e. the Vario antivirus). I hope that will help some with preventing junk ending up on the computer. My daughter only uses the laptop for Nickelodeon. My wife mainly uses it for Yahoo email and messenger. Any tips for keeping it clean would be much appreciated. Again, thanks very much for the help.
  2. Thanks very much. To summarize: there was the problem of the hijacked web searches. That seems to have been rectified after the first series of fixes. Also, some malware kept popping up an ad for an antivirus program. That persisted even after several scans by Spybot and MBAM. Those scans would delete the offending program but it kept coming back. It was the Vario Antivirus. Following the notes above: ran system check. I am old enough to have used DOS so no problem there. Screen flashed quickly but not much to report. I know the hard drive has some bad sectors on it. It's a Dell laptop that is ~6 years old, 2 GHz Pentium with 1 Gig RAM. Spybot found and "fixed" the Vario Antivirus again. Used HJT to fix the myway.dell4me.myway line. It deleted it. Had to reset the IE program to get IE to launch. Seems okay now. Ran Spybot and MBAM again. All clean. Nothing found. No pop-ups today so it might be cleared. This computer is basically used by my wife and daughter. It does seem slow. Fairly long boot-up till all is loaded. A couple of functions like "Search" are excruciatingly slow. Yet IE launches quickly. I recently added a new McAfee Security Center to hopefully block this sort of stuff from recurring. Perhaps it's a drain on resources. Any other thoughts would be appreciated.
  3. Thanks for the advice. I did have Spybot so I ran it. It deleted some stuff. I ran the ATF cleaner. 700+ MB removed? Okay. Deleted all the extra files. I did not see a Google toolbar in program tree. Ran a scan of the new HiJack version. Fixed those entries that were present as suggested in earlier thread. Ran the DSS. Below are the two reports. Thanks again
  4. I guess your typical malware problem. Ran MBAM and it got rid of a bunch of stuff. But the problem still persists: clicking on any search engine result ends up being redirected to some useless or unwanted webpage. THANKS in advance. Here is the latest MBAM log: The latest PandaScan: A few suspicious.... And the HJT log:
4 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: (no name) - rsion - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {9E91EBFD-A710-4E6E-893A-B9B1262F751E} - C:\WINDOWS\system32\CI.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 
'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Robin') O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Robin') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft 
Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O23 - Service: Ati HotKey Poller - ATI 
Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WLANKEEPER - Intel
  5. I would appreciate any help. Wife's laptop started acting funny a month or so ago. I ran Spybot and it cleared out some stuff. Problems with Search engine (Yahoo or Google) being re-directed to junk. Ran Malware remover. It got rid of Antispyware but problem with Hijacked searches still occurring. Ran a Microsoft fixer but it said no bad files found. Ran HijackThis and got this analysis. See below. Any help much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:20 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal