About:Blank Homepage

I keep getting this About:Blank homepage which turns out to be some sort of search engine or something... and then I get a lot of pop-ups saying adaware and you have a parasite in your computer and things like that... so I tried changing my homepage and it went back to About:Blank... so I kept trying that... and that didn't work... I tried using Spybot Search & Destroy... that didn't work either... this is my HijackThis log:

Logfile of HijackThis v1.97.5
Scan saved at 8:56:13 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\msgked.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Pop Blocker\updatedl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Salih\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.socom2battles.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0B9B83D5-AF96-46A3-9224-A96944F99FF4} - C:\WINDOWS\System32\fgkohba.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

And also... a side note... when I try to go to other sites... sometimes I get redirected to some site that is something like www.flashlightsearch.com then a lot of numbers and then the site I wanted... i.e. www.flashlightsearch.com/202348/2083234&@)Q#&#*www.google.com/

Re: About:Blank Homepage

We're in the same boat. This is a version of the CoolWebSearch virus. I'm hoping to get help for the same problem, so you might want to keep an eye on that thread as well as this one.

Re: About:Blank Homepage

adaware6.0... I ran that...:
Type : RegKey Data : Rootkey : HKEY_CURRENT_USER Object : Software\Toolbar IBIS Toolbar Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Toolbar IBIS Toolbar Object recognized! Type : Folder Object : c:\program files\Toolbar IBIS Toolbar Object recognized! Type : File Data : cursors Object : c:\program files\toolbar\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/22/2004 8:11:27 PM Last modified : 6/17/2004 11:51:47 PM IBIS Toolbar Object recognized! Type : File Data : iexploreskins.exe Object : c:\program files\toolbar\ FileSize : 6 KB Created on : 6/17/2004 11:51:44 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 3/19/2004 8:21:54 AM IBIS Toolbar Object recognized! Type : File Data : rw.wzg Object : c:\program files\toolbar\ FileSize : 6 KB Created on : 6/17/2004 11:52:13 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/21/2004 1:40:03 PM IBIS Toolbar Object recognized! Type : File Data : skins Object : c:\program files\toolbar\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/22/2004 8:11:27 PM Last modified : 6/17/2004 11:51:47 PM IBIS Toolbar Object recognized! Type : File Data : temp Object : c:\program files\toolbar\ Created on : 6/17/2004 11:52:09 PM Last accessed : 6/22/2004 8:11:27 PM Last modified : 6/17/2004 11:52:09 PM IBIS Toolbar Object recognized! Type : File Data : toolbar.dll Object : c:\program files\toolbar\ FileSize : 621 KB Created on : 6/17/2004 11:51:46 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/8/2004 2:49:46 PM IBIS Toolbar Object recognized! Type : File Data : xlmurin.wzg Object : c:\program files\toolbar\ Created on : 6/17/2004 11:51:54 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/21/2004 1:51:32 PM IBIS Toolbar Object recognized! 
Type : File Data : xzxsv.wzg Object : c:\program files\toolbar\ FileSize : 22 KB Created on : 6/17/2004 11:52:13 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/21/2004 1:40:03 PM IBIS Toolbar Object recognized! Type : File Data : yildhvi.olt Object : c:\program files\toolbar\ FileSize : 3 KB Created on : 6/21/2004 7:32:12 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/21/2004 9:12:52 PM IBIS Toolbar Object recognized! Type : File Data : frequently asked questions.url Object : c:\documents and settings\all users\start menu\programs\web search tools\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/17/2004 11:51:47 PM IBIS Toolbar Object recognized! Type : File Data : home.url Object : c:\documents and settings\all users\start menu\programs\web search tools\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/17/2004 11:51:47 PM IBIS Toolbar Object recognized! Type : File Data : privacy policy.url Object : c:\documents and settings\all users\start menu\programs\web search tools\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/17/2004 11:51:48 PM IBIS Toolbar Object recognized! Type : File Data : terms of use.url Object : c:\documents and settings\all users\start menu\programs\web search tools\ Created on : 6/17/2004 11:51:47 PM Last accessed : 6/23/2004 1:04:51 AM Last modified : 6/17/2004 11:51:47 PM istbar Object recognized! Type : Folder Object : c:\documents and settings\salih\favorites\Adult Sites istbar Object recognized! Type : Folder Object : c:\documents and settings\salih\favorites\Free Adult Content istbar Object recognized! Type : Folder Object : c:\program files\ISTsvc istbar Object recognized! 
Type : File Data : amateur Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:57 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:57 PM istbar Object recognized! Type : File Data : anal Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:57 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:58 PM istbar Object recognized! Type : File Data : asian Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : bisexual Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : black Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : cartoon Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : cumshots Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : fetish Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! 
Type : File Data : gang bang Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:58 PM istbar Object recognized! Type : File Data : gay Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:58 PM istbar Object recognized! Type : File Data : hardcore Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:58 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:59 PM istbar Object recognized! Type : File Data : interacial Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:10 PM Last modified : 6/21/2004 12:17:59 PM istbar Object recognized! Type : File Data : latin Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:17:59 PM istbar Object recognized! Type : File Data : lesbian Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:17:59 PM istbar Object recognized! Type : File Data : mature Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:17:59 PM istbar Object recognized! Type : File Data : peeing Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! 
Type : File Data : reality Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:04 PM istbar Object recognized! Type : File Data : teen Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:17:59 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:00 PM istbar Object recognized! Type : File Data : teen hardcore Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:00 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:00 PM istbar Object recognized! Type : File Data : tits Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:00 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : transexual Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : upskirt Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : video Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:00 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:00 PM istbar Object recognized! Type : File Data : voyeur Object : c:\documents and settings\salih\favorites\adult sites\ Created on : 6/21/2004 12:18:00 PM Last accessed : 6/22/2004 8:23:09 PM Last modified : 6/21/2004 12:18:00 PM istbar Object recognized! 
Type : File Data : daily movies Object : c:\documents and settings\salih\favorites\free adult content\ Created on : 6/21/2004 12:18:02 PM Last accessed : 6/22/2004 8:23:07 PM Last modified : 6/21/2004 12:18:03 PM istbar Object recognized! Type : File Data : daily pictures Object : c:\documents and settings\salih\favorites\free adult content\ Created on : 6/21/2004 12:18:00 PM Last accessed : 6/22/2004 8:23:06 PM Last modified : 6/21/2004 12:18:04 PM istbar Object recognized! Type : File Data : free live chat Object : c:\documents and settings\salih\favorites\free adult content\ Created on : 6/21/2004 12:18:03 PM Last accessed : 6/22/2004 8:23:04 PM Last modified : 6/21/2004 12:18:03 PM Jeired Object recognized! Type : RegValue Data : Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\UrlSearchHooks Value : {707E6F76-9FFB-4920-A976-EA101271BC25} CoolWebSearch Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : PROTOCOLS\Filter\text/html CoolWebSearch Object recognized! Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : PROTOCOLS\Filter\text/plain Omi-Update Object recognized! Type : File Data : cfg.dat Object : c:\windows\system32\ Created on : 8/23/2001 Last accessed : 6/23/2004 12:25:58 AM Last modified : 8/23/2001 Omi-Update Object recognized! Type : File Data : msmc.exe Object : c:\windows\system32\ FileSize : 46 KB Created on : 6/16/2004 2:16:03 AM Last accessed : 6/23/2004 1:04:07 AM Last modified : 6/16/2004 2:16:03 AM SahAgent Object recognized! 
Type : File
Data : sahuninstall.exe
Object : c:\windows\
FileSize : 29 KB
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
Copyright : Copyright
FileDescription : SAHUninstall
InternalName : SAHUninstall
OriginalFilename : SAHUninstall.dll
ProductName : SAHUninstall
Created on : 6/16/2004 2:16:50 AM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 1/27/2004 9:34:48 AM

Conditional scan result:
New objects : 66
Objects found so far: 135

9:04:53 PM Scan complete

Summary of this scan
Total scanning time : 00:06:16:10
Objects scanned : 45720
Objects identified : 135
Objects ignored : 0
New objects : 135

After I deleted all the files... I changed my homepage... and then I waited a couple of minutes... and it went back to about:blank and I got my pop-ups. Please help ASAP |
| ||
| Re: About:Blank Homepage most of the programs can't catch all of this one. i'm going to give you a thread. in it is a specific set of instructions that may help some. try it and see if it works for you. my system is better, but i still find elements of this virus lingering and i am waiting for more help to destroy the remaining hidden files. http://daniweb.com/techtalkforums/thread5531.html there is a post from Iced on 6/18/04 at 5:17 pm that describes in detail what to try. good luck |
| ||
| Re: About:Blank Homepage cws shredder didn't find anything for me... |
| ||
| Re: About:Blank Homepage i tried that site.. but cws shredder didn't pick anything up... and then when i went to the regedit and i did all that stuff it said.. nothing was in the binary thing... it was just 0's |
| ||
| Re: About:Blank Homepage anyone???? |
| ||
| Re: About:Blank Homepage somebody please help! |
| ||
| Re: About:Blank Homepage I don't normally give direct help with HJT logs, but I am in this case because I've specifically run into this one, and it is a nasty one to remove. First off, I know these entries are bad:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.socom2battles.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

And some of these look random, which would make me a little suspicious:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0B9B83D5-AF96-46A3-9224-A96944F99FF4} - C:\WINDOWS\System32\fgkohba.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

Now, with this information, let me ask you: Do you use any P2P programs, like Kazaa or iMesh, or Limewire? These are some of the biggest sources of this stuff. Also, make sure you're running Windows Update on a regular basis, as these hijacks are often prevented by patches available through the Windows Update service. |
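The kind of triage done by eye in the post above can be scripted. The following Python is an added example, not part of the original thread and not HijackThis's own logic; the three rules (a `file://` target, a "(no name)" browser object, a module that is not a `.dll`) are assumptions modelled on the entries the post singles out, and they produce hints for review, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the entries quoted in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.socom2battles.com/
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
"""

# R0/R1 lines: "<section> - <registry key>,<value name> = <data>"
REG_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# R3/O2/O3 lines: "<section> - <kind>: <name> - {CLSID} - <module path>"
COM_RE = re.compile(
    r"^(?:R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def triage(log_text):
    """Return (identifier, reason) pairs for lines that match a review rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            data = m["data"].lower()
            # Rule 1 (assumption): IE search/start settings served from local disk.
            if data.startswith("file://"):
                reason = "IE setting points at a local file"
                if "\\temp\\" in data:
                    reason += " in a Temp directory"
                findings.append((m["value"], reason))
            continue
        m = COM_RE.match(line)
        if m:
            reasons = []
            # Rule 2 (assumption): browser object registered without a display name.
            if m["name"] == "(no name)":
                reasons.append("no display name")
            # Rule 3 (assumption): browser objects are normally .dll modules.
            ext = PureWindowsPath(m["path"]).suffix.lower()
            if ext != ".dll":
                reasons.append(f"module extension is {ext or 'missing'}, not .dll")
            if reasons:
                findings.append((m["clsid"], "; ".join(reasons)))
        # Other sections (for example O4 autoruns) are outside these rules.
    return findings


if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG):
        print(f"{ident}: {reason}")
```

Lines that match no rule, such as the `about:blank` start page or the O4 autoruns, still need the manual judgement the post applies to them.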
| ||
| Re: About:Blank Homepage no i don't have any p2p programs... so do i have to fix all those programs listed above? |