Just another "Best Offer" Need for Help!

deb_sully62
#1
Mar 11th, 2006
I know this is the same ole same ole but please help me!!!!
I do not have RXToolbar, or several of the other programs but I cannot for the life of me get rid of tbon.exe (The Best Offers). I truly hate it and am ready to take a hammer to this pc. Here is my HJT log: (Can you help) And also, I am slightly illiterate when it comes to the computer so talk slowly and in simple terms!! Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 2:50:22 PM, on 3/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe
C:\PROGRA~1\ACCELE~1\VELOZD~1\veloz.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Wave Wireless\Client Manager\cm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [37372al0] C:\WINDOWS\System32\37372al0.exe
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [bO²ùðY×y-¯Œ] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [Bc6w] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\Wave Wireless\Client Manager\cm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_it.dll (file missing)
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\c_10230.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_it.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\c_10230.dll (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131749754187
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/feedingfrenzy/Game/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4713/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD2AF26-8872-48A6-84A7-7BD36CD9ED4C}: NameServer = 204.117.214.10,216.163.120.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Always,
~Debbie

D3m3nt3d
#2
Mar 11th, 2006
Alright - you have several problems with that log just to let you know. It will more than likely take several passes to get it all.

The first place I need you to start is to download the following tools for me:

You can actually use Best Offers Uninstaller here
http://www.bestoffersnetworks.com/uninstall/

CWShredder
http://malwareteks.com/dload.php?act...oad&file_id=36

CCleaner
http://www.filehippo.com/download/51.../download.html

Ad-Aware SE Personal
http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-2

Spybot Search and Destroy
http://www.download.com/Spybot-Searc...ml?tag=lst-0-1

Ewido
http://www.download.com/Ewido-Securi...ml?tag=lst-0-1

Spysweeper
http://www.malwareteks.com/dload.php...load&file_id=5

Pocket Killbox
http://bleepingcomputer.com/files/spyware/KillBox.zip
-Unzip to its own folder

Now since you have Windows XP - I want us to start in Safe Mode with Networking
-Restart your PC
-Repeatedly tap F8 before the "Loading Windows" screen appears
-Choose Safe Mode with Networking
-You will see the screen scroll down - this is normal

Now on to the cleaning...

Open up CCleaner first
-run ONLY the default scan (Windows Tab). Do Not “Scan For Issues” unless specifically asked to do so!
-Simply open it and choose Run Cleaner

Open CWShredder
-Run it and let it remove anything it finds

Open Ad-Aware
-Allow it to update to the latest definitions
-Run it and remove everything it finds

Open Spybot
-Allow it to update
-Run it and fix what it finds

Open Ewido
-Click Update>Start Update
-Run it and remove everything it finds
-Save the report at the end and attach it for me when you return

Now Reboot back into Normal Mode

Open Spysweeper
-Allow it to update then run a Sweep
-Let it remove everything it finds
-Please save this log for me and attach it

Now run Kaspersky Online Scanner
http://www.kaspersky.com/scanforvirus.html

Save the log and attach it for me as well.

If you can not get these logs in one post that is fine, use as many posts as necessary.

I need the following
  • Ewido Scan Report
  • Spysweepers log
  • Kaspersky's log
  • New HijackThis log

If you run into trouble with a particular step, just skip it and move on. When you return, let me know about any problems you may have encountered.

Good Luck
Proud Member of ASAP (Alliance of Security Analysis Professionals)

deb_sully62
#3
Mar 16th, 2006
So this has been a very long process but here are the first two logs for you:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:52:31 PM, 3/15/2006
+ Report-Checksum: 8312C154

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0DB27B81-1712-7464-869A-0E16A2436BED} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3ADF6E21-B4FD-8BC8-10C3-A9846D3FEC69} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cliks[4].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cliks[5].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cliks[7].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cliks[8].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cliks[9].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Program Files\mozilla.org\Mozilla\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\TBONInst.cfg -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP498\A0136819.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP498\A0136820.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP498\A0136823.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP499\A0137807.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP500\A0138807.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP502\A0141806.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0141830.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145420.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145645.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145649.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145787.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145789.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP503\A0145790.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0145952.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0145954.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0145957.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0149001.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0149004.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP504\A0149009.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0149140.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0149143.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152114.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152116.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152117.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152120.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152122.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0152124.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0153906.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0153919.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP505\A0153922.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0154150.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0157682.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0157685.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0157687.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0157688.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0159718.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0159720.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0159721.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161705.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161707.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161708.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161709.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161711.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0161713.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0164064.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0164074.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0165104.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0165155.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0166151.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP507\A0167151.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP508\A0168151.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP509\A0169151.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP510\A0169501.dll -> Adware.Ihbo : Cleaned with backup
C:\WINDOWS\SYSTEM32\evziw.dll -> Adware.WurldMedia : Cleaned with backup


::Report End

And the Spysweepers:

********
9:59 PM: | Start of Session, Wednesday, March 15, 2006 |
9:59 PM: Spy Sweeper started
9:59 PM: Sweep initiated using definitions version 556
9:59 PM: Starting Memory Sweep
10:02 PM: Memory Sweep Complete, Elapsed Time: 00:03:35
10:02 PM: Starting Registry Sweep
10:02 PM: Found Adware: clipgenie
10:02 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\clipgenie\ (2 subtraces) (ID = 105921)
10:02 PM: Found Adware: coolwebsearch (cws)
10:02 PM: HKCR\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 108398)
10:02 PM: HKLM\software\classes\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 109776)
10:02 PM: Found Adware: cws mastersearch hijacker
10:02 PM: HKCR\clsid\{869ee607-5376-486d-8dac-edc8e239ad5f}\ (2 subtraces) (ID = 117459)
10:02 PM: HKLM\software\classes\clsid\{869ee607-5376-486d-8dac-edc8e239ad5f}\ (2 subtraces) (ID = 117461)
10:02 PM: HKLM\software\microsoft\internet explorer\extensions\{869ee607-5376-486d-8dac-edc8e239ad5f}\ (1 subtraces) (ID = 117462)
10:02 PM: Found Adware: cws_ns3
10:02 PM: HKCR\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (2 subtraces) (ID = 118189)
10:02 PM: HKLM\software\classes\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (2 subtraces) (ID = 120046)
10:02 PM: Found Adware: cws searchpage.html hijack
10:02 PM: HKLM\software\microsoft\internet explorer\ || search (ID = 123515)
10:03 PM: Found Adware: heretofind
10:03 PM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (2 subtraces) (ID = 127065)
10:03 PM: Found Adware: spad
10:03 PM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (2 subtraces) (ID = 127065)
10:03 PM: HKLM\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (1 subtraces) (ID = 127105)
10:03 PM: HKLM\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (1 subtraces) (ID = 127105)
10:03 PM: HKLM\software\classes\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (2 subtraces) (ID = 127120)
10:03 PM: Found Adware: instant access
10:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\egdial.dll (ID = 128823)
10:03 PM: Found Adware: safesurf
10:03 PM: HKLM\software\microsoft\windows\currentversion\ || np (ID = 140392)
10:03 PM: Found Adware: scbar
10:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\data compiler\ (2 subtraces) (ID = 140509)
10:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\indexing function\ (2 subtraces) (ID = 140510)
10:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sbm os\ (2 subtraces) (ID = 140511)
10:03 PM: Found Adware: screensavers
10:03 PM: HKLM\software\screensavers.com\ (ID = 140569)
10:03 PM: Found Adware: websearch toolbar
10:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_esies\ (4 subtraces) (ID = 146511)
10:03 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
10:03 PM: Found Adware: wurldmedia
10:03 PM: HKCR\appid\sostatatl.exe\ (1 subtraces) (ID = 147535)
10:03 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
10:03 PM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (8 subtraces) (ID = 147565)
10:03 PM: Found Adware: rx toolbar
10:03 PM: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729573)
10:03 PM: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729652)
10:03 PM: Found Adware: cws-aboutblank
10:03 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
10:03 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\extensions\{869ee607-5376-486d-8dac-edc8e239ad5f}\ (1 subtraces) (ID = 117460)
10:03 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\ || search (ID = 123514)
10:03 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (1 subtraces) (ID = 127080)
10:03 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\extensions\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (1 subtraces) (ID = 127080)
10:03 PM: Registry Sweep Complete, Elapsed Time:00:00:46
10:03 PM: Starting Cookie Sweep
10:03 PM: Found Spy Cookie: advertising cookie
10:03 PM: owner@advertising[1].txt (ID = 2175)
10:03 PM: Found Spy Cookie: atlas dmt cookie
10:03 PM: owner@atdmt[2].txt (ID = 2253)
10:03 PM: Found Spy Cookie: a cookie
10:03 PM: owner@a[1].txt (ID = 2027)
10:03 PM: owner@a[4].txt (ID = 2027)
10:03 PM: Found Spy Cookie: offeroptimizer cookie
10:03 PM: owner@offeroptimizer[2].txt (ID = 3087)
10:03 PM: owner@offeroptimizer[3].txt (ID = 3087)
10:03 PM: owner@offeroptimizer[4].txt (ID = 3087)
10:03 PM: owner@offeroptimizer[7].txt (ID = 3087)
10:03 PM: Found Spy Cookie: realmedia cookie
10:03 PM: owner@realmedia[2].txt (ID = 3235)
10:03 PM: Found Spy Cookie: trafficmp cookie
10:03 PM: owner@trafficmp[1].txt (ID = 3581)
10:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:03 PM: Starting File Sweep
10:04 PM: Found Adware: apropos
10:04 PM: wingenerics.dll (ID = 50187)
10:05 PM: Found Adware: cws_tiny0
10:05 PM: tmupdate.ini:rjteb (ID = 56904)
10:05 PM: ~glh0000.tmp:egqly (ID = 56904)
10:05 PM: ~glh0000.tmp:oewrc (ID = 56904)
10:05 PM: ~glh0000.tmp:rygqah (ID = 56887)
10:06 PM: Found Adware: abetterinternet
10:06 PM: bii.inf (ID = 83197)
10:16 PM: File Sweep Complete, Elapsed Time: 00:12:49
10:16 PM: Full Sweep has completed. Elapsed time 00:17:20
10:16 PM: Traces Found: 132
********
9:56 PM: | Start of Session, Wednesday, March 15, 2006 |
9:56 PM: Spy Sweeper started
9:58 PM: Updating spyware definitions
9:58 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:59 PM: Updating spyware definitions
9:59 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:59 PM: | End of Session, Wednesday, March 15, 2006 |

The Kaspersky scan is just finishing up and then I will send it as well as the new HiJackThis log.
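
One way to cross-check the logs posted so far, as an added example that is not part of any post in this thread: the Python below matches HijackThis entries from post #1 against the CLSIDs and file paths that Spy Sweeper and ewido named in post #3. The function names are made up for this example, and the embedded log lines are a subset copied from those posts.

```python
import re

# Subset of the HijackThis log from post #1, copied as posted.
HJT_LOG = r"""
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_it.dll (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\System32\c_10230.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
"""

# Subset of the Spy Sweeper registry sweep from post #3, copied as posted.
SPYSWEEPER_LOG = r"""
10:02 PM: Found Adware: cws mastersearch hijacker
10:02 PM: HKCR\clsid\{869ee607-5376-486d-8dac-edc8e239ad5f}\ (2 subtraces) (ID = 117459)
10:03 PM: Found Adware: heretofind
10:03 PM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (2 subtraces) (ID = 127065)
10:03 PM: Found Adware: spad
10:03 PM: HKCR\clsid\{237aa178-c3bc-4f67-a8bb-d8bc14ba0b89}\ (2 subtraces) (ID = 127065)
10:03 PM: Found Adware: wurldmedia
10:03 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
"""

# Subset of the ewido scan report from post #3, copied as posted.
EWIDO_LOG = r"""
HKLM\SOFTWARE\Classes\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\evziw.dll -> Adware.WurldMedia : Cleaned with backup
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)


def parse_spysweeper(log):
    """Map each GUID (lower-cased) to the adware families Spy Sweeper named for it."""
    families, current = {}, None
    for line in log.splitlines():
        found = re.search(r"Found Adware: (.+)$", line)
        if found:
            current = found.group(1).strip()   # applies to the trace lines that follow
            continue
        if current:
            for guid in GUID_RE.findall(line):
                families.setdefault(guid.lower(), set()).add(current)
    return families


def parse_ewido(log):
    """Map each file path (lower-cased) to its ewido detection; registry lines are skipped."""
    hits = {}
    for line in log.splitlines():
        m = re.match(r"([A-Za-z]:\\.+?) -> (\S+) : ", line)
        if m:
            hits[m.group(1).lower()] = m.group(2)
    return hits


def correlate(hjt_log, guid_families, file_hits):
    """Return [(hijackthis_line, [reasons])] for entries that a scanner also named."""
    flagged = []
    for line in hjt_log.splitlines():
        if not re.match(r"[A-Z]\d+ - ", line):   # keep only R0/R1/F2/O4/O9... entries
            continue
        reasons = set()
        for guid in GUID_RE.findall(line):
            for family in guid_families.get(guid.lower(), ()):
                reasons.add("Spy Sweeper: " + family)
        lowered = line.lower()
        for path, name in file_hits.items():
            if path in lowered:                   # long paths only; see note below
                reasons.add("ewido: " + name)
        if reasons:
            flagged.append((line, sorted(reasons)))
    return flagged


if __name__ == "__main__":
    matches = correlate(HJT_LOG, parse_spysweeper(SPYSWEEPER_LOG), parse_ewido(EWIDO_LOG))
    for entry, why in matches:
        print(entry)
        for reason in why:
            print("    " + reason)
```

A HijackThis line that no scanner names is not thereby clean, since each scanner reports only what its definitions cover. Paths that HijackThis logs in 8.3 short form (`PROGRA~1`) will not match a scanner's long path in this sketch.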

deb_sully62
#4
Mar 16th, 2006
Oh...also:
I was unable to do CWShredder. For some reason it did not download right.

deb_sully62
#5
Mar 16th, 2006
Here are the Kaspersky Logs and the final HijackThis log:
(A couple problems-- When it was complete, I had lost almost all the icons off my desktop. Also, I pay for Acceleration Anti-virus Software every month and the scans that you suggested wiped that off my programs.)
KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 16, 2006 12:47:51 AM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/03/2006
Kaspersky Anti-Virus database records: 171674


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 87788
Number of viruses found 4
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 02:11:38

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP510\A0169659.ini:rjtebDATA Infected: Trojan-Downloader.Win32.Agent.an skipped

C:\WINDOWS\SYSTEM32\cnbsasn1.exe Infected: Trojan.Win32.Crypt.t skipped

C:\WINDOWS\SYSTEM32\nmerprof.dll Infected: Trojan.Win32.Crypt.t skipped

C:\WINDOWS\SYSTEM32\remove_it.dll Infected: Trojan.Win32.StartPage.ld skipped

C:\WINDOWS\~GLH0000.TMP:jzyvuDATA Infected: Trojan-Downloader.Win32.Agent.an skipped

C:\WINDOWS\~GLH0000.TMP:zorxkrDATA Infected: Trojan.Win32.Agent.bi skipped

Scan process completed.

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:49:47 AM, on 3/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wave Wireless\Client Manager\cm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\System32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [37372al0] C:\WINDOWS\System32\37372al0.exe
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [bO²ùðY×y-¯Œ] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [Bc6w] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\Wave Wireless\Client Manager\cm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131749754187
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/feedingfrenzy/Game/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4713/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD2AF26-8872-48A6-84A7-7BD36CD9ED4C}: NameServer = 204.117.214.10,216.163.120.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FWService - Unknown owner - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Now what?
Thanks,
Debbie

D3m3nt3d
Posting Whiz in Training

Re: Just another "Best Offer" Need for Help!

#6
Mar 16th, 2006
Did you not let Spysweeper remove what it found? It does not show any signs of quarantining any files...have you used the trial period before?

If you did not get an option to remove, uninstall Spysweeper and reinstall from here
http://www.ianag.com/files/14/SpySwe...MajorGeeks.exe

Also...try and download CWShredder again from here
http://www.intermute.com/products/cwshredder.html

Afterwards please attach
-CWShredder log
-New Spysweeper log
-New HijackThis log
Proud Member of ASAP (Alliance of Security Analysis Professionals)

deb_sully62
Newbie Poster

Re: Just another "Best Offer" Need for Help!

#7
Mar 16th, 2006
Okay, I hope this is right.
CWShredder log (I don't think this is what you want...):
CWShredder Log:

**** Run Keys ****

RUN: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
RUN: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
RUN: [hpsysdrv] c:\windows\system\hpsysdrv.exe
RUN: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
RUN: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
RUN: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
RUN: [37372al0] C:\WINDOWS\System32\37372al0.exe
RUN: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
RUN: [bO²ùðY×y-¯Œ] C:\WINDOWS\yqyxxsx.exe
RUN: [Bc6w] C:\WINDOWS\yqyxxsx.exe
RUN: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
RUN: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
RUN: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
RUN: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
RUN: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
RUN: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
RUN: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe


**** Browser Helper Objects ****

BHO: [] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx


**** IE Extensions ****

IEExt: []
IEExt: [MoneySide]
IEExt: [Microsoft® JavaScript® Console]
IEExt: [Messenger] C:\Program Files\Messenger\MSMSGS.EXE


**** Hosts File Entries ****



**** IE Settings ****

IEBypass: localhost
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: C:\WINDOWS\System32\search.html
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar: http://home.microsoft.com/search/lobby/search.asp
Search Page: http://home.microsoft.com/access/allinone.asp


**** IE Context Menu (Right click) ****

IEContext: [Save with Download Manager...] C:\Program Files\J River\Media Jukebox\DMDownload.htm


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD2AF26-8872-48A6-84A7-7BD36CD9ED4C}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD2AF26-8872-48A6-84A7-7BD36CD9ED4C}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2328847D-FF56-408B-857B-441E804EC2BD}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2328847D-FF56-408B-857B-441E804EC2BD}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01D1C6CD-6D44-46B6-BA89-10155A459FBE}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01D1C6CD-6D44-46B6-BA89-10155A459FBE}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF20E463-EBE1-48F3-995E-7BAA1D7E296D}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF20E463-EBE1-48F3-995E-7BAA1D7E296D}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{874F9E79-A321-42A3-B363-99109DF254C5}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{874F9E79-A321-42A3-B363-99109DF254C5}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4DEE6B5-1EB7-428F-BFE9-A53E98895B7C}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4DEE6B5-1EB7-428F-BFE9-A53E98895B7C}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66ED3BFB-C405-4F02-97E9-68673A390962}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{66ED3BFB-C405-4F02-97E9-68673A390962}] DATAGRAM 5


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com/qtactivex/qtplugin.cab]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab]
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab]
{205FF73B-CA67-11D5-99DD-444553540013} [http://adserver.sharewareonline.com/adserver/Install.cab] C:\WINDOWS\Downloaded Program Files\Install.dll
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [C:\Program Files\Yahoo!\Common\yinsthelper.dll] C:\Program Files\Yahoo!\Common\yinsthelper.dll
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{49232000-16E4-426C-A231-62846947304B} [http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab] C:\WINDOWS\Downloaded Program Files\SysInfo.dll
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131749754187]
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} [http://zone.msn.com/bingame/luxr/default/mjolauncher.cab]
{B8BE5E93-A60C-4D26-A2DC-220313175592} [http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [http://www.bigfishgames.com/online/feedingfrenzy/Game/SproutLauncher.cab]
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab]
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} [http://download.abacast.com/download/files/abasetup141.cab]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4713/mcfscan.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[Autodesk Licensing Service] "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Program Files\ewido anti-malware\ewidoctrl.exe
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\fxssvc.exe
[FWService] C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[ImapiService] C:\WINDOWS\System32\imapi.exe
[iPodService] C:\Program Files\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\System32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{9BC5B651-952C-4947-AC46-563D2749C8A0}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\System32\wdfmgr.exe
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[svcWRSSSDK] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://www.microsoft.com/isapi/redir.dll?
SEARCH: [CustomizeSearch] http://ie.search.msn.com/en-us/srchasst/srchcust.htm
SEARCH: [] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CU] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.msn.com/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://home.microsoft.com/access/allinone.asp
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Use FormSuggest] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open]
IEOPT: [Use Search Assistant] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi] `2Æ
IEOPT: [Use Search Asst]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [WindowPosition]
IEOPT: [Default_Search_URL] http://search.msn.com
IEOPT: [FormSuggest Passwords] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AutoSearch]
IEOPT: [SearchURL]
IEOPT: [HistoryViewType]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Default_Page_URL]
IEOPT: [CustomizeSearch]
IEOPT: [SearchAssistant]
IEOPT: [SearchBar]
IEOPT: [Start Page_bak]
IEOPT: [Search Bar] http://home.microsoft.com/search/lobby/search.asp
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] C:\WINDOWS\System32\search.html
IEOPT: [Search Page] C:\WINDOWS\System32\search.html
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\System32\search.html
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [Search Bar] http://ie.search.msn.com/en-us/srchasst/srchasst.htm
IEOPT: [FullScreen] no
IEOPT: [Use Custom Search URL]
IEOPT: [Use Search Assistant] yes
IEOPT: [] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [CustomizeSearch] yes
IEOPT: [SearchAssistant] http://ie.search.msn.com/en-us/srchasst/srchasst.htm
IEOPT: [IEWatsonEnabled]
IEOPT: [Check_Associations] yes

Next (Spysweeper log) Swept and Removed:
********
4:12 PM: | Start of Session, Thursday, March 16, 2006 |
4:12 PM: Spy Sweeper started
4:12 PM: Sweep initiated using definitions version 635
4:12 PM: Starting Memory Sweep
4:18 PM: Memory Sweep Complete, Elapsed Time: 00:06:08
4:18 PM: Starting Registry Sweep
4:19 PM: Found Adware: directrevenue-thebestoffersnetwork
4:19 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tbon\ (7 subtraces) (ID = 826503)
4:19 PM: Found Trojan Horse: trojan-downloader-2pursuit
4:19 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
4:19 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ (10 subtraces) (ID = 910519)
4:19 PM: Found Adware: highdialer hijack
4:19 PM: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 1057101)
4:19 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 1057102)
4:19 PM: HKLM\software\microsoft\internet explorer\main\ || local page (ID = 1057453)
4:19 PM: HKLM\software\microsoft\internet explorer\main\ || local page (ID = 1134875)
4:19 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\tbon\ (43 subtraces) (ID = 826461)
4:19 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\st3\ (11 subtraces) (ID = 910473)
4:19 PM: Found Adware: big fish games toolbar
4:19 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (ID = 941730)
4:19 PM: HKU\S-1-5-21-2885428501-3646499915-426764551-1003\software\microsoft\gsgs\ (131 subtraces) (ID = 1032011)
4:19 PM: Registry Sweep Complete, Elapsed Time:00:00:46
4:19 PM: Starting Cookie Sweep
4:19 PM: Found Spy Cookie: yieldmanager cookie
4:19 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
4:19 PM: Found Spy Cookie: pointroll cookie
4:19 PM: owner@ads.pointroll[2].txt (ID = 3148)
4:19 PM: Found Spy Cookie: advertising cookie
4:19 PM: owner@advertising[2].txt (ID = 2175)
4:19 PM: Found Spy Cookie: atlas dmt cookie
4:19 PM: owner@atdmt[1].txt (ID = 2253)
4:19 PM: Found Spy Cookie: burstnet cookie
4:19 PM: owner@burstnet[2].txt (ID = 2336)
4:19 PM: Found Spy Cookie: casalemedia cookie
4:19 PM: owner@casalemedia[1].txt (ID = 2354)
4:19 PM: Found Spy Cookie: mediaplex cookie
4:19 PM: owner@mediaplex[2].txt (ID = 6442)
4:19 PM: Found Spy Cookie: 2o7.net cookie
4:19 PM: owner@msnportal.112.2o7[1].txt (ID = 1958)
4:19 PM: Found Spy Cookie: realmedia cookie
4:19 PM: owner@realmedia[1].txt (ID = 3235)
4:19 PM: Found Spy Cookie: adjuggler cookie
4:19 PM: owner@rotator.adjuggler[1].txt (ID = 2071)
4:19 PM: Found Spy Cookie: serving-sys cookie
4:19 PM: owner@serving-sys[2].txt (ID = 3343)
4:19 PM: Found Spy Cookie: tradedoubler cookie
4:19 PM: owner@tradedoubler[1].txt (ID = 3575)
4:19 PM: Found Spy Cookie: trafficmp cookie
4:19 PM: owner@trafficmp[1].txt (ID = 3581)
4:19 PM: Found Spy Cookie: burstbeacon cookie
4:19 PM: owner@www.burstbeacon[1].txt (ID = 2335)
4:19 PM: Found Spy Cookie: myaffiliateprogram.com cookie
4:19 PM: owner@www.myaffiliateprogram[1].txt (ID = 3032)
4:19 PM: Found Spy Cookie: adserver cookie
4:19 PM: owner@z1.adserver[1].txt (ID = 2142)
4:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
4:19 PM: Starting File Sweep
4:28 PM: Found Adware: cws_tiny0
4:28 PM: ~glh0000.tmp:zorxkr (ID = 204)
5:08 PM: tboninst.cfg (ID = 211835)
5:08 PM: File Sweep Complete, Elapsed Time: 00:49:01
5:08 PM: Full Sweep has completed. Elapsed time 00:56:05
5:08 PM: Traces Found: 231
5:10 PM: Removal process initiated
5:11 PM: Quarantining All Traces: trojan-downloader-2pursuit
5:11 PM: Quarantining All Traces: cws_tiny0
5:11 PM: Quarantining All Traces: big fish games toolbar
5:11 PM: Quarantining All Traces: highdialer hijack
5:11 PM: Quarantining All Traces: 2o7.net cookie
5:11 PM: Quarantining All Traces: adjuggler cookie
5:11 PM: Quarantining All Traces: adserver cookie
5:11 PM: Quarantining All Traces: advertising cookie
5:11 PM: Quarantining All Traces: atlas dmt cookie
5:11 PM: Quarantining All Traces: burstbeacon cookie
5:11 PM: Quarantining All Traces: burstnet cookie
5:11 PM: Quarantining All Traces: casalemedia cookie
5:11 PM: Quarantining All Traces: directrevenue-thebestoffersnetwork
5:11 PM: Quarantining All Traces: mediaplex cookie
5:11 PM: Quarantining All Traces: myaffiliateprogram.com cookie
5:11 PM: Quarantining All Traces: pointroll cookie
5:11 PM: Quarantining All Traces: realmedia cookie
5:11 PM: Quarantining All Traces: serving-sys cookie
5:11 PM: Quarantining All Traces: tradedoubler cookie
5:11 PM: Quarantining All Traces: trafficmp cookie
5:11 PM: Quarantining All Traces: yieldmanager cookie
5:11 PM: Removal process completed. Elapsed time 00:00:33
********
4:08 PM: | Start of Session, Thursday, March 16, 2006 |
4:08 PM: Spy Sweeper started
4:12 PM: Your spyware definitions have been updated.
4:12 PM: | End of Session, Thursday, March 16, 2006 |
And the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:16:42 PM, on 3/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Wave Wireless\Client Manager\cm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [37372al0] C:\WINDOWS\System32\37372al0.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [bO²ùðY×y-¯Œ] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [Bc6w] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\Wave Wireless\Client Manager\cm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft® JavaScript® Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {F35D6916-F6D0-49FA-AFB1-0E6BE8E96308} - C:\WINDOWS\System32\comdlg32.ocx (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131749754187
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.bigfishgames.com/online/feedingfrenzy/Game/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4713/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD2AF26-8872-48A6-84A7-7BD36CD9ED4C}: NameServer = 204.117.214.10,216.163.120.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FWService - Unknown owner - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

PC is running much better already. What do I need to remove on HijackThis?
Thanks.
Debbie

D3m3nt3d
Posting Whiz in Training
Join Date: Feb 2006
Posts: 244

Re: Just another "Best Offer" Need for Help!

#8
Mar 16th, 2006
Hey Debbie

Did CWShredder say it removed anything? It may not produce a log; it's been a while...

I am going to go ahead and work up a fix, but I still want to see a few more logs, please.

Let's get going...
-
FIRST
Please relocate HijackThis to a permanent location such as C:\Program Files\HJT

NEXT
Scan with HijackThis and place a check next to each of these:
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O4 - HKLM\..\Run: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
O4 - HKLM\..\Run: [37372al0] C:\WINDOWS\System32\37372al0.exe
O4 - HKLM\..\Run: [bO²ùðY×y-¯Œ] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [Bc6w] C:\WINDOWS\yqyxxsx.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Now open Pocket Killbox
-Copy and Paste the following one at a time
-Do not reboot until you have entered them all
-Check the Delete on Reboot options
-After entering each one click the Red X to confirm
C:\WINDOWS\system32\ipnb.exe
C:\WINDOWS\System32\37372al0.exe
C:\WINDOWS\yqyxxsx.exe


After entering the last one allow your PC to reboot
-If it does not reboot on its own, reboot it manually

Download the following two tools
AproposFix
http://swandog46.geekstogo.com/aproposfix.exe
-Save to your desktop for right now

ISeeYou
http://forum.networktechs.com/attach...6&d=1142141622
-Save it to your desktop but do NOT run it yet.

Now reboot to Safe Mode

-Double-click aproposfix.exe and unzip it to the desktop.
-Open the aproposfix folder on your desktop and run RunThis.bat.
-Follow the prompts.
-There will be an attachment log.txt in the Apropos folder
-Please attach this for me

-Now double click ISeeYou.bat and let it run
-Save and attach the log when you return

So when returning please provide the following
Apropos log
ISeeYou log
New HijackThis log
Hang in there
Proud Member of ASAP (Alliance of Security Analysis Professionals)

deb_sully62
Newbie Poster
Join Date: Mar 2006
Posts: 16

Re: Just another "Best Offer" Need for Help!

#9
Mar 17th, 2006
C:\WINDOWS\system32\ipnb.exe
C:\WINDOWS\System32\37372al0.exe
C:\WINDOWS\yqyxxsx.exe

In my hijackThis log the above are only listed after the "04-HKLM\..\Run..." Are those the ones I copy and paste into my killbox because they are not listed in the top WINDOWS\system tools at the top of the log?

D3m3nt3d
Posting Whiz in Training
Join Date: Feb 2006
Posts: 244

Re: Just another "Best Offer" Need for Help!

#10
Mar 17th, 2006
Originally Posted by deb_sully62
C:\WINDOWS\system32\ipnb.exe
C:\WINDOWS\System32\37372al0.exe
C:\WINDOWS\yqyxxsx.exe

In my hijackThis log the above are only listed after the "04-HKLM\..\Run..." Are those the ones I copy and paste into my killbox because they are not listed in the top WINDOWS\system tools at the top of the log?
You just copy and paste it exactly as I have here one at a time:
C:\WINDOWS\system32\ipnb.exe
C:\WINDOWS\System32\37372al0.exe
C:\WINDOWS\yqyxxsx.exe
It will show up in blue if it exists.
Proud Member of ASAP (Alliance of Security Analysis Professionals)
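
Post #9 observes that the three files show up only in the O4 Run lines and not under "Running processes". As an added example (not part of the thread and not a HijackThis feature; the function names are hypothetical), this Python sketch parses a few lines copied from the log above and lists Run entries whose target is registered to start but is not currently running, which is a correlation that legitimate entries can also match, not a verdict.

```python
import ntpath
import re
# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [ipnb.exe] C:\WINDOWS\system32\ipnb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [37372al0] C:\WINDOWS\System32\37372al0.exe
O4 - HKLM\..\Run: [Bc6w] C:\WINDOWS\yqyxxsx.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*)\] (.+)$")

def running_processes(log):
    """Return the case-normalised paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break  # a blank line ends the process list
            procs.add(ntpath.normcase(line.strip()))
    return procs

def target_exe(command):
    """Extract the executable path from a Run value's command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def run_entries(log):
    """Yield (hive, value_name, exe_path, is_running) for each O4 Run line.
    Limitation: 8.3 short paths (PROGRA~1) are not expanded, so they only
    match a running process that is listed with the same short path."""
    procs = running_processes(log)
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            exe = target_exe(m.group(3))
            yield m.group(1), m.group(2), exe, ntpath.normcase(exe) in procs

def registered_but_not_running(log):
    # Autorun targets that will start at boot but are absent from the process list.
    return [exe for _, _, exe, running in run_entries(log) if not running]
```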

©2003 - 2009 DaniWeb® LLC