Thread Solved

Join Date: Jun 2004
Posts: 26
Solved Threads: 1
Silent
Light Poster

About:Blank Homepage

 
0
  #1
Jun 22nd, 2004
I keep getting this About:Blank homepage which turns out to be some sort of search engine or something.. and then I get a lot of pop-ups saying adaware and you have a parasite in your computer and things like that... so I tried changing my homepage and it went back to About:Blank ... so I kept trying that.. and that didn't work.. I tried using Spybot Search & Destroy... that didn't work either... this is my HijackThis log:
Logfile of HijackThis v1.97.5
Scan saved at 8:56:13 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\msgked.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Pop Blocker\updatedl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Salih\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.socom2battles.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0B9B83D5-AF96-46A3-9224-A96944F99FF4} - C:\WINDOWS\System32\fgkohba.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

and also.. a side note... when I try to go to other sites.. sometimes I get redirected to some site that is something like www.flashlightsearch.com then a lot of numbers and then the site I wanted .. i.e. www.flashlightsearch.com/202348/2083234&@)Q#&#*www.google.com/
Join Date: Jun 2004
Posts: 21
Solved Threads: 1
jendej
Newbie Poster

Re: About:Blank Homepage

 
0
  #2
Jun 22nd, 2004
We're in the same boat. This is a version of the CoolWebSearch virus. I'm hoping to get help for the same problem, so you might want to keep an eye on that thread as well as this one.
Join Date: Jun 2004
Posts: 26
Solved Threads: 1
Silent
Light Poster

Re: About:Blank Homepage

 
0
  #3
Jun 22nd, 2004
Ad-aware 6.0... I ran that...:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, June 22, 2004 8:58:35 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


6-22-2004 8:58:35 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-23-2004 12:24:25 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:24:32 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:24:37 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:24:37 AM
Last modified : 8/29/2002 2:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:24:37 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:24:37 AM
Last modified : 8/29/2002 2:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:24:43 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:24:43 AM
Last modified : 8/29/2002 2:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-23-2004 12:24:45 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:24:43 AM
Last modified : 8/29/2002 2:00:00 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:24:57 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:24:57 AM
Last modified : 8/29/2002 2:00:00 AM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 6-23-2004 12:24:57 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 11/13/2002 11:44:02 PM
Last accessed : 6/23/2004 12:24:58 AM
Last modified : 11/13/2002 11:44:02 PM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-23-2004 12:25:11 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:26:56 AM
Last modified : 8/29/2002 2:00:00 AM

#:10 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:25:12 AM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:25:12 AM
Last modified : 8/29/2002 2:00:00 AM

#:11 [hpconfig.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:25:14 AM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
Copyright : Hewlett-Packard Copyright (C) 1999-2002
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
OriginalFilename : HPConfig.EXE
ProductName : HPConfig Module
Created on : 5/22/2003 11:24:52 PM
Last accessed : 6/23/2004 12:25:14 AM
Last modified : 8/15/2002 5:11:00 PM

#:12 [hpwirelessmgr.exe]
FilePath : C:\Program Files\HPQ\Notebook Utilities\
ThreadCreationTime : 6-23-2004 12:25:15 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Copyright : Hewlett-Packard Copyright 2002
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
OriginalFilename : HPWirelessMgr.EXE
ProductName : HPWirelessMgr Module
Created on : 5/22/2003 11:25:03 PM
Last accessed : 6/23/2004 12:25:15 AM
Last modified : 1/14/2003 9:12:14 PM

#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 6-23-2004 12:25:17 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/15/2002 2:41:26 AM
Last accessed : 6/23/2004 12:25:17 AM
Last modified : 11/15/2002 2:41:26 AM

#:14 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-23-2004 12:25:32 AM
BasePriority : Normal
FileSize : 4 KB
FileVersion : 5.03.09.00
ProductVersion : 5.03.09.00
Copyright : Copyright
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
OriginalFilename : carpserv.exe
ProductName : Conexant carpserv
Created on : 5/22/2003 9:58:23 PM
Last accessed : 6/23/2004 12:25:32 AM
Last modified : 4/15/2003 1:00:02 AM

#:15 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 6-23-2004 12:25:37 AM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 8.20.0130
ProductVersion : 8.20.0130
Copyright : Copyright
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 4/30/2004 8:57:08 PM
Last accessed : 6/23/2004 12:25:37 AM
Last modified : 4/20/2004 8:50:16 PM

#:16 [onetouch.exe]
FilePath : C:\Program Files\HPQ\One-Touch\
ThreadCreationTime : 6-23-2004 12:25:38 AM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 1.6.8.0
ProductVersion : 1.6.8.0
Copyright : Copyright
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
OriginalFilename : OneTouch.exe
ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
Created on : 1/30/2003 10:53:10 PM
Last accessed : 6/23/2004 12:25:38 AM
Last modified : 1/30/2003 10:53:10 PM

#:17 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 6-23-2004 12:25:39 AM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 7.4.2 13Mar03
ProductVersion : 7.4.2 13Mar03
Copyright : Copyright (C) Synaptics, Inc. 1996-2002
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 5/22/2003 11:27:13 PM
Last accessed : 6/23/2004 12:25:39 AM
Last modified : 3/14/2003 12:56:46 PM

#:18 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 6-23-2004 12:25:39 AM
BasePriority : Normal
FileSize : 620 KB
FileVersion : 7.4.2 13Mar03
ProductVersion : 7.4.2 13Mar03
Copyright : Copyright (C) Synaptics, Inc. 1996-2002
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 5/22/2003 11:27:13 PM
Last accessed : 6/23/2004 12:25:39 AM
Last modified : 3/14/2003 12:56:10 PM

#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 6-23-2004 12:25:44 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 2/12/2004 9:30:48 PM
Last accessed : 6/23/2004 12:25:44 AM
Last modified : 12/2/2003 9:11:04 PM

#:20 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 6-23-2004 12:25:45 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
Copyright : Copyright (c) 2001-2003, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 3/26/2003 6:15:24 PM
Last accessed : 6/23/2004 12:25:46 AM
Last modified : 3/26/2003 6:15:24 PM

#:21 [hpztsb05.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ThreadCreationTime : 6-23-2004 12:25:46 AM
BasePriority : Normal
FileSize : 184 KB
FileVersion : 2,121,0,0
ProductVersion : 2,121,0,0
Copyright : Copyright (c) Hewlett-Packard Company 1999-2002
CompanyName : HP
ProductName : HP DeskJet
Created on : 1/6/2004 1:49:29 AM
Last accessed : 6/23/2004 12:25:46 AM
Last modified : 3/28/2002 8:50:30 AM

#:22 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 6-23-2004 12:25:46 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 1/28/2004 1:41:01 AM
Last accessed : 6/23/2004 12:25:47 AM
Last modified : 1/28/2004 1:41:01 AM

#:23 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 6-23-2004 12:25:47 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: (c) <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 4/30/2004 8:57:28 PM
Last accessed : 6/23/2004 12:25:47 AM
Last modified : 4/20/2004 8:50:16 PM

#:24 [aim.exe]
FilePath : C:\Program Files\AIM\
ThreadCreationTime : 6-23-2004 12:25:48 AM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.5.3572
ProductVersion : 5.5.3572
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
OriginalFilename : AIM.EXE
ProductName : AOL Instant Messenger
Created on : 2/10/2004 2:03:32 AM
Last accessed : 6/23/2004 12:45:02 AM
Last modified : 2/4/2004 8:29:24 PM

#:25 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 6-23-2004 12:25:50 AM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 12/18/2003 4:02:22 AM
Last accessed : 6/23/2004 12:25:50 AM
Last modified : 3/4/2004 7:01:00 PM

#:26 [nclaunch.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-23-2004 12:25:51 AM
BasePriority : Normal
FileSize : 40 KB
FileVersion : 2, 2, 0, 67
ProductVersion : 2, 2, 0, 67
Copyright : Copyright
CompanyName : Northcode Inc.
FileDescription : NCLaunch
InternalName : NCLaunch
OriginalFilename : NCLaunch.exe
ProductName : Northcode NCLaunch
Created on : 3/9/2004 12:02:41 AM
Last accessed : 6/23/2004 12:25:51 AM
Last modified : 3/9/2004 12:02:41 AM

#:27 [msgked.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-23-2004 12:25:51 AM
BasePriority : Normal
FileSize : 46 KB
Created on : 6/17/2004 3:03:12 PM
Last accessed : 6/23/2004 12:25:52 AM
Last modified : 8/23/2001

#:28 [airplus.exe]
FilePath : C:\Program Files\D-Link AirPlus\
ThreadCreationTime : 6-23-2004 12:25:54 AM
BasePriority : Normal
FileSize : 256 KB
FileVersion : 3, 0, 2, 0
ProductVersion : 3, 0, 2, 0
Copyright : Copyright (C) 2002
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
OriginalFilename : AIRPLUS.EXE
ProductName : D-Link AirPlus
Created on : 9/4/2003 2:32:51 AM
Last accessed : 6/23/2004 12:21:50 AM
Last modified : 3/5/2003 10:37:06 PM

#:29 [updatedl.exe]
FilePath : C:\Program Files\Pop Blocker\
ThreadCreationTime : 6-23-2004 12:27:18 AM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Global Information Technology
InternalName : UpdatedL
OriginalFilename : UpdatedL.exe
ProductName : Updated Lite
Created on : 10/28/2002 12:29:06 AM
Last accessed : 6/23/2004 12:27:18 AM
Last modified : 10/28/2002 12:29:06 AM

#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 6-23-2004 12:43:56 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:44:16 AM
Last modified : 8/29/2002 2:00:00 AM

#:31 [hijackthis.exe]
FilePath : C:\Documents and Settings\Salih\Desktop\hijackthis\
ThreadCreationTime : 6-23-2004 12:55:49 AM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 1.97.0005
ProductVersion : 1.97.0005
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
OriginalFilename : HijackThis.exe
ProductName : HijackThis
Created on : 11/10/2003 1:00:22 AM
Last accessed : 6/23/2004 12:55:49 AM
Last modified : 11/10/2003 1:00:22 AM

#:32 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-23-2004 12:56:14 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
OriginalFilename : NOTEPAD.EXE
ProductName : Microsoft
Created on : 8/29/2002 2:00:00 AM
Last accessed : 6/23/2004 12:56:14 AM
Last modified : 8/29/2002 2:00:00 AM

#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 6-23-2004 12:56:31 AM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/14/2003 11:30:14 PM
Last accessed : 6/23/2004 12:34:14 AM
Last modified : 4/14/2003 11:30:14 PM

#:34 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 6-23-2004 12:58:07 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/21/2004 3:06:39 AM
Last accessed : 6/23/2004 12:58:07 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

AdDestroyer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer


AdDestroyer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\addestroyer


AdDestroyer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\addestroyer


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : AppID\C22A6AF2-C946-4EBF-861C-62252458827F


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : AppID\{026E4B83-1BF7-41CB-8233-4AF35341BC69}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{00A0A40C-F432-4C59-BA11-B25D142C7AB7}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0982868C-47F0-4EFB-A664-C7B0B1015808}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0BA1C6EB-D062-4E37-9DB5-B07743276324}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{25F7FA20-3FC3-11D7-B487-00D05990014C}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{94927A13-4AAA-476A-989D-392456427688}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{CC916B4B-BE44-4026-A19D-8C74BBD23361}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : dnsrep.dnsrepobj


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : dnsrep.dnsrepobj.1


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A679DB3C-6A3C-49D7-9D03-5D2F88715DB7}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{A7370377-E217-4467-8448-9845270CD4A3}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\iPend


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A0A40C-F432-4C59-BA11-B25D142C7AB7}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0982868C-47F0-4EFB-A664-C7B0B1015808}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{25F7FA20-3FC3-11D7-B487-00D05990014C}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94927a13-4aaa-476a-989d-392456427688}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC916B4B-BE44-4026-A19D-8C74BBD23361}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{C22A6AF2-C946-4EBF-861C-62252458827F}


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : urlcli.UrlCliObj


ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : urlcli.UrlCliObj.1


DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}


DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{cea206e8-8057-4a04-ace9-ff0d69a92297}


DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj


DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1


DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}


Favoriteman Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Handler\tpro


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbar.ResProtocol


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ISTactivex.Installer


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\IST


Jeired Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{707e6f76-9ffb-4920-a976-ea101271bc25}


VirtualBouncer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\VB and VBA Program Settings\VBouncer


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP


Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Counter


Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Server


Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Object


IBIS Toolbar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}


Omi-Update Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : msmc


Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value : Shell
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 53
Objects found so far: 53


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 53


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : salih@180solutions[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 1:39:52 PM
Last accessed : 6/23/2004 12:26:53 AM
Last modified : 6/21/2004 1:40:04 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@2o7[2].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 9:56:18 PM
Last accessed : 6/23/2004 12:26:53 AM
Last modified : 6/21/2004 9:56:18 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@bilbo.counted[2].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 1:40:03 PM
Last accessed : 6/23/2004 12:29:42 AM
Last modified : 6/23/2004 12:29:42 AM



Tracking Cookie Object recognized!
Type : File
Data : salih@clickbank[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 9:52:07 PM
Last accessed : 6/23/2004 12:26:54 AM
Last modified : 6/21/2004 9:52:07 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@edge.ru4[2].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/22/2004 1:47:18 PM
Last accessed : 6/23/2004 12:26:54 AM
Last modified : 6/22/2004 1:47:18 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@fastclick[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 9:44:36 PM
Last accessed : 6/23/2004 12:35:36 AM
Last modified : 6/23/2004 12:35:36 AM



Tracking Cookie Object recognized!
Type : File
Data : salih@qksrv[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 7:28:10 PM
Last accessed : 6/23/2004 12:26:56 AM
Last modified : 6/21/2004 7:28:10 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@questionmarket[2].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/22/2004 5:16:16 PM
Last accessed : 6/23/2004 12:26:57 AM
Last modified : 6/22/2004 5:16:17 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@revenue[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/22/2004 1:15:29 AM
Last accessed : 6/23/2004 12:26:57 AM
Last modified : 6/22/2004 1:15:29 AM



Tracking Cookie Object recognized!
Type : File
Data : salih@server.iad.liveperson[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/21/2004 9:02:41 PM
Last accessed : 6/23/2004 12:26:57 AM
Last modified : 6/21/2004 9:02:41 PM



Tracking Cookie Object recognized!
Type : File
Data : salih@tribalfusion[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/23/2004 12:39:06 AM
Last accessed : 6/23/2004 12:39:06 AM
Last modified : 6/23/2004 12:39:06 AM



Tracking Cookie Object recognized!
Type : File
Data : salih@z1.adserver[1].txt
Object : C:\Documents and Settings\Salih\Cookies\

Created on : 6/23/2004 12:44:27 AM
Last accessed : 6/23/2004 12:44:27 AM
Last modified : 6/23/2004 12:44:27 AM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Favoriteman Object recognized!
Type : File
Data : im64.dll
Object : C:\WINDOWS\System32\
FileSize : 1 KB
Created on : 6/16/2004 2:16:33 AM
Last accessed : 6/23/2004 1:03:44 AM
Last modified : 6/21/2004 12:01:47 AM



SahAgent Object recognized!
Type : File
Data : lsp.dll
Object : C:\WINDOWS\System32\
FileSize : 52 KB
FileVersion : 1, 1, 1, 20
ProductVersion : 1, 1, 1, 20
Copyright : Copyright
CompanyName : ITForum
FileDescription : LSP
InternalName : LSP
OriginalFilename : LSP.DLL
ProductName : ITForum LSP
Created on : 6/16/2004 2:16:49 AM
Last accessed : 6/23/2004 1:03:59 AM
Last modified : 11/13/2003 9:35:00 AM



SahAgent Object recognized!
Type : File
Data : sahagent1019.exe
Object : C:\WINDOWS\System32\
FileSize : 53 KB
Created on : 6/16/2004 2:16:42 AM
Last accessed : 6/23/2004 1:04:29 AM
Last modified : 6/16/2004 2:16:42 AM



SahAgent Object recognized!
Type : File
Data : sahhtml.exe
Object : C:\WINDOWS\System32\
FileSize : 54 KB
FileVersion : 1, 1, 1, 5
ProductVersion : 1, 1, 1, 5
Copyright : Copyright
CompanyName : VGroup
FileDescription : Html
InternalName : Html
OriginalFilename : Html.exe
ProductName : VGroup Html
Created on : 6/16/2004 2:16:50 AM
Last accessed : 6/23/2004 1:04:29 AM
Last modified : 1/27/2004 9:35:24 AM




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

AdDestroyer Object recognized!
Type : Folder
Object : c:\program files\AdDestroyer


AdDestroyer Object recognized!
Type : File
Data : addestroyer.wav
Object : c:\program files\addestroyer\
FileSize : 1 KB
Created on : 6/18/2004 1:54:33 AM
Last accessed : 6/23/2004 1:04:50 AM
Last modified : 7/11/1997 9:37:00 AM



AdDestroyer Object recognized!
Type : File
Data : ~glh000a.tmp
Object : c:\program files\addestroyer\

Created on : 6/18/2004 1:54:33 AM
Last accessed : 6/23/2004 1:04:50 AM
Last modified : 6/18/2004 1:54:33 AM



AdDestroyer Object recognized!
Type : File
Data : popoops.dll
Object : c:\windows\system32\
FileSize : 24 KB
FileVersion : 2, 1, 0, 3
ProductVersion : 2, 1, 0, 3
CompanyName : Shahin Gasanov
FileDescription : PopOops
InternalName : PopOops
OriginalFilename : PopOops.dll
ProductName : PopOops
Created on : 6/18/2004 1:54:31 AM
Last accessed : 6/23/2004 1:04:22 AM
Last modified : 3/18/2003 9:00:00 AM



AdDestroyer Object recognized!
Type : File
Data : popoops2.dll
Object : c:\windows\system32\
FileSize : 40 KB
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
CompanyName : Shahin Gasanov
FileDescription : PopOops2
InternalName : PopOops2
OriginalFilename : PopOops2.dll
ProductName : PopOops2
Created on : 6/18/2004 1:54:30 AM
Last accessed : 6/23/2004 1:04:22 AM
Last modified : 7/30/2003 8:07:16 PM



AdDestroyer Object recognized!
Type : File
Data : swlad1.dll
Object : c:\windows\system32\
FileSize : 40 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Globes
InternalName : SWLAD1
OriginalFilename : SWLAD1.dll
ProductName : PopOops2
Created on : 6/18/2004 1:54:32 AM
Last accessed : 6/23/2004 1:04:36 AM
Last modified : 8/25/2003 6:29:50 PM



AdDestroyer Object recognized!
Type : File
Data : swlad2.dll
Object : c:\windows\system32\
FileSize : 24 KB
Created on : 6/18/2004 1:54:32 AM
Last accessed : 6/23/2004 1:04:36 AM
Last modified : 8/25/2003 6:29:26 PM



ClientMan Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : AppID\dnsrep.DLL


DyFuCA Object recognized!
Type : File
Data : nem218.dll
Object : c:\windows\
FileSize : 33 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2002
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
OriginalFilename : DyFuCA_BH.DLL
ProductName : DyFuCA_BH Module
Created on : 6/21/2004 12:18:08 PM
Last accessed : 6/23/2004 1:04:50 AM
Last modified : 6/21/2004 12:18:08 PM



Favoriteman Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{EF100007-F409-426A-9E7C-CB211F2A9786}


Favoriteman Object recognized!
Type : File
Data : v.dat
Object : c:\windows\system32\
FileSize : 169 KB
Created on : 6/16/2004 2:16:50 AM
Last accessed : 6/23/2004 1:04:50 AM
Last modified : 6/16/2004 2:17:11 AM



Favoriteman Object recognized!
Type : File
Data : vg.dat
Object : c:\windows\system32\
FileSize : 2 KB
Created on : 6/16/2004 2:16:50 AM
Last accessed : 6/23/2004 1:04:50 AM
Last modified : 6/16/2004 2:17:12 AM



IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Toolbar


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Toolbar


IBIS Toolbar Object recognized!
Type : Folder
Object : c:\program files\Toolbar


IBIS Toolbar Object recognized!
Type : File
Data : cursors
Object : c:\program files\toolbar\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/22/2004 8:11:27 PM
Last modified : 6/17/2004 11:51:47 PM



IBIS Toolbar Object recognized!
Type : File
Data : iexploreskins.exe
Object : c:\program files\toolbar\
FileSize : 6 KB
Created on : 6/17/2004 11:51:44 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 3/19/2004 8:21:54 AM



IBIS Toolbar Object recognized!
Type : File
Data : rw.wzg
Object : c:\program files\toolbar\
FileSize : 6 KB
Created on : 6/17/2004 11:52:13 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/21/2004 1:40:03 PM



IBIS Toolbar Object recognized!
Type : File
Data : skins
Object : c:\program files\toolbar\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/22/2004 8:11:27 PM
Last modified : 6/17/2004 11:51:47 PM



IBIS Toolbar Object recognized!
Type : File
Data : temp
Object : c:\program files\toolbar\

Created on : 6/17/2004 11:52:09 PM
Last accessed : 6/22/2004 8:11:27 PM
Last modified : 6/17/2004 11:52:09 PM



IBIS Toolbar Object recognized!
Type : File
Data : toolbar.dll
Object : c:\program files\toolbar\
FileSize : 621 KB
Created on : 6/17/2004 11:51:46 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/8/2004 2:49:46 PM



IBIS Toolbar Object recognized!
Type : File
Data : xlmurin.wzg
Object : c:\program files\toolbar\

Created on : 6/17/2004 11:51:54 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/21/2004 1:51:32 PM



IBIS Toolbar Object recognized!
Type : File
Data : xzxsv.wzg
Object : c:\program files\toolbar\
FileSize : 22 KB
Created on : 6/17/2004 11:52:13 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/21/2004 1:40:03 PM



IBIS Toolbar Object recognized!
Type : File
Data : yildhvi.olt
Object : c:\program files\toolbar\
FileSize : 3 KB
Created on : 6/21/2004 7:32:12 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/21/2004 9:12:52 PM



IBIS Toolbar Object recognized!
Type : File
Data : frequently asked questions.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/17/2004 11:51:47 PM



IBIS Toolbar Object recognized!
Type : File
Data : home.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/17/2004 11:51:47 PM



IBIS Toolbar Object recognized!
Type : File
Data : privacy policy.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/17/2004 11:51:48 PM



IBIS Toolbar Object recognized!
Type : File
Data : terms of use.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 6/17/2004 11:51:47 PM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 6/17/2004 11:51:47 PM



istbar Object recognized!
Type : Folder
Object : c:\documents and settings\salih\favorites\Adult Sites


istbar Object recognized!
Type : Folder
Object : c:\documents and settings\salih\favorites\Free Adult Content


istbar Object recognized!
Type : Folder
Object : c:\program files\ISTsvc


istbar Object recognized!
Type : File
Data : amateur
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:57 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:57 PM



istbar Object recognized!
Type : File
Data : anal
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:57 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:58 PM



istbar Object recognized!
Type : File
Data : asian
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : bisexual
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : black
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : cartoon
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : cumshots
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : fetish
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : gang bang
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:58 PM



istbar Object recognized!
Type : File
Data : gay
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:58 PM



istbar Object recognized!
Type : File
Data : hardcore
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:58 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:59 PM



istbar Object recognized!
Type : File
Data : interacial
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:10 PM
Last modified : 6/21/2004 12:17:59 PM



istbar Object recognized!
Type : File
Data : latin
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:17:59 PM



istbar Object recognized!
Type : File
Data : lesbian
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:17:59 PM



istbar Object recognized!
Type : File
Data : mature
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:17:59 PM



istbar Object recognized!
Type : File
Data : peeing
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : reality
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:04 PM



istbar Object recognized!
Type : File
Data : teen
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:17:59 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:00 PM



istbar Object recognized!
Type : File
Data : teen hardcore
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:00 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:00 PM



istbar Object recognized!
Type : File
Data : tits
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:00 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : transexual
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : upskirt
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : video
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:00 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:00 PM



istbar Object recognized!
Type : File
Data : voyeur
Object : c:\documents and settings\salih\favorites\adult sites\

Created on : 6/21/2004 12:18:00 PM
Last accessed : 6/22/2004 8:23:09 PM
Last modified : 6/21/2004 12:18:00 PM



istbar Object recognized!
Type : File
Data : daily movies
Object : c:\documents and settings\salih\favorites\free adult content\

Created on : 6/21/2004 12:18:02 PM
Last accessed : 6/22/2004 8:23:07 PM
Last modified : 6/21/2004 12:18:03 PM



istbar Object recognized!
Type : File
Data : daily pictures
Object : c:\documents and settings\salih\favorites\free adult content\

Created on : 6/21/2004 12:18:00 PM
Last accessed : 6/22/2004 8:23:06 PM
Last modified : 6/21/2004 12:18:04 PM



istbar Object recognized!
Type : File
Data : free live chat
Object : c:\documents and settings\salih\favorites\free adult content\

Created on : 6/21/2004 12:18:03 PM
Last accessed : 6/22/2004 8:23:04 PM
Last modified : 6/21/2004 12:18:03 PM



Jeired Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\UrlSearchHooks
Value : {707E6F76-9FFB-4920-A976-EA101271BC25}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain


Omi-Update Object recognized!
Type : File
Data : cfg.dat
Object : c:\windows\system32\

Created on : 8/23/2001
Last accessed : 6/23/2004 12:25:58 AM
Last modified : 8/23/2001



Omi-Update Object recognized!
Type : File
Data : msmc.exe
Object : c:\windows\system32\
FileSize : 46 KB
Created on : 6/16/2004 2:16:03 AM
Last accessed : 6/23/2004 1:04:07 AM
Last modified : 6/16/2004 2:16:03 AM



SahAgent Object recognized!
Type : File
Data : sahuninstall.exe
Object : c:\windows\
FileSize : 29 KB
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
Copyright : Copyright
FileDescription : SAHUninstall
InternalName : SAHUninstall
OriginalFilename : SAHUninstall.dll
ProductName : SAHUninstall
Created on : 6/16/2004 2:16:50 AM
Last accessed : 6/23/2004 1:04:51 AM
Last modified : 1/27/2004 9:34:48 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 66
Objects found so far: 135


9:04:53 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:06:16:10
Objects scanned :45720
Objects identified :135
Objects ignored :0
New objects :135

after i deleted all the files... i changed my homepage... and then i waited a couple of minutes... and it went back to about:blank and i got my pop-ups please help asap
Join Date: Jun 2004
Posts: 21
Reputation: jendej is an unknown quantity at this point 
Solved Threads: 1
jendej jendej is offline Offline
Newbie Poster

Re: About:Blank Homepage

 
0
  #4
Jun 22nd, 2004
most of the programs can't catch all of this one. i'm going to give you a thread. in it is a specific set of instructions that may help some. try it and see if it works for you. my system is better, but i still find elements of this virus lingering and i am waiting for more help to destroy the remaining hidden files.

http://daniweb.com/techtalkforums/thread5531.html

there is a post from Iced on 6/18/04 at 5:17 pm that describes in detail what to try. good luck
Join Date: Jun 2004
Posts: 26
Reputation: Silent is an unknown quantity at this point 
Solved Threads: 1
Silent Silent is offline Offline
Light Poster

Re: About:Blank Homepage

 
0
  #5
Jun 22nd, 2004
cws shredder didn't find anything for me...
Join Date: Jun 2004
Posts: 26
Reputation: Silent is an unknown quantity at this point 
Solved Threads: 1
Silent Silent is offline Offline
Light Poster

Re: About:Blank Homepage

 
0
  #6
Jun 22nd, 2004
i tried that site.. but cws shredder didn't pick anything up... and then when i went to the regedit and i did all that stuff it said.. nothing was in the binary thing... it was just 0's
Join Date: Jun 2004
Posts: 26
Reputation: Silent is an unknown quantity at this point 
Solved Threads: 1
Silent Silent is offline Offline
Light Poster

Re: About:Blank Homepage

 
0
  #7
Jun 23rd, 2004
anyone????
Join Date: Jun 2004
Posts: 26
Reputation: Silent is an unknown quantity at this point 
Solved Threads: 1
Silent Silent is offline Offline
Light Poster

Re: About:Blank Homepage

 
0
  #8
Jun 24th, 2004
somebody please help!
Join Date: Dec 2003
Posts: 2,414
Reputation: alc6379 has a spectacular aura about
Solved Threads: 123
Team Colleague
alc6379 alc6379 is offline Offline
Cookie... That's it

Re: About:Blank Homepage

 
0
  #9
Jun 24th, 2004
I don't normally give direct help with HJT logs, but I am in this case because I've specifically run into this one, and it is a nasty one to remove. First off, I know these entries are bad:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.socom2battles.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


And some of these look random, which would make me a little suspicious:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0B9B83D5-AF96-46A3-9224-A96944F99FF4} - C:\WINDOWS\System32\fgkohba.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

Now, with this information, let me ask you: Do you use any P2P programs, like Kazaa or iMesh, or Limewire? These are some of the biggest sources of this stuff. Also, make sure you're running Windows Update on a regular basis, as these hijacks are often prevented by patches available through the Windows Update service.
Alex Cavnar, aka alc6379
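The checks applied by eye in post #9, written out as an added example (not code from the thread or from HijackThis): it parses R0/R1 registry lines and R3/O2/O3 COM-hook lines and reports why each one stands out. The rule set is an assumption drawn from that post, the `.dll` extension check is an added heuristic, and the last sample line is constructed.

```python
import re

# The first five lines are copied from the HijackThis entries quoted in
# post #9; the last line is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Salih\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
"""

# R0/R1: an Internet Explorer registry setting, "key,value = data".
REG_RE = re.compile(r"^(R[01]) - (.+),([^,=]+?) =\s?(.*)$")
# R3/O2/O3: a COM object hooked into IE, "kind: name - {CLSID} - file".
COM_RE = re.compile(
    r"^(R3|O2|O3) - (URLSearchHook|BHO|Toolbar): (.*?) - "
    r"(\{[0-9A-Fa-f-]{36}\}) - (.+)$"
)


def triage(line):
    """Return the reasons (possibly none) one HijackThis line stands out."""
    reasons = []
    m = REG_RE.match(line)
    if m:
        data = m.group(4).strip().lower()
        if data.startswith("file://"):
            where = "a file in a Temp directory" if "\\temp\\" in data else "a local file"
            reasons.append("IE setting points at " + where)
        if data == "about:blank":
            # Thread-specific rule: about:blank is the symptom being chased here.
            reasons.append("IE setting is about:blank")
        return reasons
    m = COM_RE.match(line)
    if m:
        kind, name, path = m.group(2, 3, 5)
        if name == "(no name)":
            reasons.append(kind + " registered without a name")
        if not path.lower().endswith(".dll"):
            # Added heuristic: these hooks are COM DLLs, so other extensions stand out.
            reasons.append(kind + " file is not a .dll")
    return reasons


def triage_log(text):
    """Return [(line, reasons)] for every line with at least one reason."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage(line) if line else []
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print("; ".join(reasons), "<-", line)
```

A flagged line is a prompt to look at the file and registry key, not a verdict: an unnamed BHO can be legitimate, and `about:blank` is a normal start page when the user chose it.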
Join Date: Jun 2004
Posts: 26
Reputation: Silent is an unknown quantity at this point 
Solved Threads: 1
Silent Silent is offline Offline
Light Poster

Re: About:Blank Homepage

 
0
  #10
Jun 24th, 2004
no i don't have any p2p programs... so do i have to fix all those programs listed above?