Here is the new hijack log... Logfile of HijackThis v1.97.7 Scan saved at 11:35:37 PM, on 3/14/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v5.50 (5.50.4134.0600) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\SYSTEM\SSDPSRV.exe C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\WINDOWS\SYSTEM\HPSYSDRV.exe C:\WINDOWS\DELAYRUN.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.exe C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe C:\WINDOWS\LOADQM.exe C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.exe C:\WINDOWS\SYSTEM\HPHMON05.exe C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.exe C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\AIM95\AIM.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\RNAAPP.exe C:\WINDOWS\SYSTEM\TAPISRV.exe C:\WINDOWS\TEMP\TD_0004.DIR\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.psouth.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.psouth.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Points South R3 - Default URLSearchHook is missing F1 - win.ini: run=hpfsched O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe O4 - HKLM\..\Run: [PP6100b] C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe O9 - Extra button: AIM (HKLM) O12 - Plugin for .lpc: C:\PROGRA~1\INTERN~1\PLUGINS\npldpict.dll O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/Swdir_Alt_Pub.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37971.2531828704 IE is working great!!!! Thanks!!

0

Hi Glad it worked out good. You are still running hijackthis from a temporary directory which means we can't recover any mistakes or undesirable changes made if needed. Now that things are working well...if you want to help reduce boot time and speed things up a bit the following entries can be fixed: (first two are leftovers from the hijack) R3 - Default URLSearchHook is missing O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe <-available thru start> programs O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <- available thru start> programs O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY <-available thru display settings in control panel O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe<- updates available within the program (logitech) O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<- huge resorce hog, available thru start> programs O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe <- available within the program Once all are checked close all windows and click fix checked. Reboot You also want to visit windows update to install any missing critical updates. I would also upgrade IE to 6.0 including sp1 and related updates. another program to help keep crap off the computer is spywareblaster (free) it disables bad active x controls from being downloaded. It will need to be updated once installed and check for updates about once a week. Spywareblaster Once installed and updated click the "select all" button then click "protect from checked items" Take care and all the best. _________________________________ I never give up! Windows Update

0

Hey, I have had the same problem with my internet home page. I ran hijackthis and here are the results, if someone could tell me what I need to delete, that would be great. Here are the results: Logfile of HijackThis v1.97.7 Scan saved at 12:27:32 PM, on 3/17/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\DEVLDR16.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.exe C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe C:\PROGRAM FILES\WINAMP\WINAMPA.exe C:\WINDOWS\SYSTEM\HIDSERV.exe C:\WINDOWS\SYSTEM\QTTASK.exe C:\WINDOWS\SYSTEM\MSBB.exe C:\PROGRAM FILES\WINZIP\WZQKPICK.exe C:\PROGRAM FILES\ABC\ABC.exe C:\WINDOWS\SYSTEM\WBEM\WINMGMT.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\WINDOWS\DESKTOP\CLRSCHP028.exe C:\WINDOWS\DESKTOP\CLRSCHP028.exe C:\WINDOWS\SYSTEM\STIMON.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\WINDOWS\SYSTEM\SACM32M.exe C:\WINDOWS\TEMP\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hkcu R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.exe /t O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.exe O4 - HKLM\..\Run: [AEHKNR] C:\WINDOWS\AEHKNR.exe O4 - HKLM\..\Run: [SACM32M] C:\WINDOWS\SYSTEM\SACM32M.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: AIM (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38017.8383101852 O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4328/mcfscan.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab Thanks again.

0

Hey blender: Thanks so much for the fix to this damn clr search thing. I followed your instructions and I am back to normal. Why is this happening all of a sudden and is it from one particulat web site? Is it rampant right now? I have another issue that you might be able to help me out with, it has to do with Flash always locking/freezing up my computer. It has been going on for two years and no one can figure out why. Let me know if you want to help in this challenge as well....Thanks from Canada Patrick

0

6 icons have appeared on my desktop. They are bs5-15v.exe 0021-bdl94126.exe ClrSchP028 o o.bat calsdr.exe I have run adaware & norton. Norton detected nothing but adaware quarantined all of this:- ArchiveData(auto-quarantine- 20-03-2004 11-50-48.bckp) ====================================================== CYDOOR ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[2]=RegKey : .default\software\Cydoor obj[3]=RegKey : .default\software\Cydoor Services obj[85]=RegKey : software\cydoor obj[86]=RegKey : Software\Cydoor obj[87]=RegKey : software\cydoor services obj[154]=Folder : c:\windows\system\AdCache obj[195]=File : c:\windows\system\cd_clint.dll obj[196]=File : c:\windows\system\cd_htm.dll obj[204]=File : c:\windows\system\adcache\b_572900.htm obj[205]=File : c:\windows\system\adcache\b_759800.htm obj[206]=File : c:\windows\system\adcache\b_637800.htm obj[207]=File : c:\windows\system\adcache\b_291_0_1_734600.gif obj[208]=File : c:\windows\system\adcache\b_291_0_1_734400.gif obj[209]=File : c:\windows\system\adcache\b_291_0_1_503300.gif obj[210]=File : c:\windows\system\adcache\b_291_0_1_501200.gif obj[211]=File : c:\windows\system\adcache\b_291_0_4_629200.gif obj[212]=File : c:\windows\system\adcache\b_291_0_4_627700.gif obj[213]=File : c:\windows\system\adcache\b_291_0_4_630300.gif obj[214]=File : c:\windows\system\adcache\b_291_0_4_627600.gif obj[215]=File : c:\windows\system\adcache\b_291_0_4_628900.gif obj[216]=File : c:\windows\system\adcache\b_291_0_4_628700.gif obj[217]=File : c:\windows\system\adcache\b_291_0_4_627200.gif obj[218]=File : c:\windows\system\adcache\b_291_0_1_529400.gif obj[219]=File : c:\windows\system\adcache\b_291_0_1_502000.gif obj[220]=File : c:\windows\system\adcache\b_291_0_1_639300.gif obj[221]=File : c:\windows\system\adcache\b_291_0_1_500900.gif obj[222]=File : c:\windows\system\adcache\b_291_0_1_503800.gif obj[223]=File : c:\windows\system\adcache\b_291_0_1_502100.gif obj[224]=File : c:\windows\system\adcache\b_291_0_1_501500.gif obj[225]=File : c:\windows\system\adcache\b_291_0_1_528300.gif obj[226]=File : c:\windows\system\adcache\b_291_0_1_608500.gif obj[227]=File : c:\windows\system\adcache\b_291_0_1_535000.gif obj[228]=File : c:\windows\system\adcache\b_291_0_1_676900.gif obj[229]=File : c:\windows\system\adcache\b_291_0_1_737300.gif obj[230]=File : c:\windows\system\adcache\b_291_0_2_790100.gif obj[231]=File : c:\windows\system\adcache\b_291_0_2_707500.gif obj[232]=File : c:\windows\system\adcache\b_291_0_3_771300.gif obj[233]=File : c:\windows\system\adcache\b_291_0_3_770600.gif obj[234]=File : c:\windows\system\adcache\b_291_0_3_769900.gif obj[235]=File : c:\windows\system\adcache\b_291_0_1_625300.gif obj[236]=File : c:\windows\system\adcache\b_291_0_1_507200.gif obj[237]=File : c:\windows\system\adcache\b_291_0_4_527200.gif obj[238]=File : c:\windows\system\adcache\b_291_0_4_527400.gif obj[239]=File : c:\windows\system\adcache\b_291_0_1_598600.gif obj[240]=File : c:\windows\system\adcache\b_291_0_3_777000.gif obj[241]=File : c:\windows\system\adcache\b_620000.htm obj[242]=File : c:\windows\system\adcache\b_291_0_1_597300.gif obj[243]=File : c:\windows\system\adcache\b_291_0_1_501400.gif obj[244]=File : c:\windows\system\adcache\b_291_0_1_502200.gif obj[245]=File : c:\windows\system\adcache\b_291_0_1_505000.gif obj[246]=File : c:\windows\system\adcache\b_291_0_1_501600.gif obj[247]=File : c:\windows\system\adcache\b_291_0_2_598100.gif obj[248]=File : c:\windows\system\adcache\b_291_0_3_550300.gif obj[249]=File : c:\windows\system\adcache\b_291_0_1_598100.gif obj[250]=File : c:\windows\system\adcache\b_291_0_2_734400.gif obj[251]=File : c:\windows\system\adcache\b_291_0_2_558200.gif obj[252]=File : c:\windows\system\adcache\b_291_0_2_558700.gif obj[253]=File : c:\windows\system\adcache\b_291_0_2_505000.gif obj[254]=File : c:\windows\system\adcache\b_291_0_2_507200.gif obj[255]=File : c:\windows\system\adcache\b_291_0_2_558500.gif obj[256]=File : c:\windows\system\adcache\b_736800.htm obj[257]=File : c:\windows\system\adcache\b_291_0_2_681200.gif obj[258]=File : c:\windows\system\adcache\b_291_0_2_720000.gif obj[259]=File : c:\windows\system\adcache\b_291_0_2_681100.gif obj[260]=File : c:\windows\system\adcache\b_291_0_2_720100.gif obj[261]=File : c:\windows\system\adcache\b_291_0_4_614800.gif obj[262]=File : c:\windows\system\adcache\b_291_0_2_635700.gif obj[263]=File : c:\windows\system\adcache\b_291_0_2_622500.gif obj[264]=File : c:\windows\system\adcache\b_291_0_4_725000.gif obj[265]=File : c:\windows\system\adcache\b_291_0_4_724900.gif obj[266]=File : c:\windows\system\adcache\b_291_0_4_724800.gif obj[267]=File : c:\windows\system\adcache\b_737200.htm obj[268]=File : c:\windows\system\adcache\b_291_0_2_597300.gif obj[269]=File : c:\windows\system\adcache\b_291_0_1_585100.gif obj[270]=File : c:\windows\system\adcache\b_291_0_1_586300.gif obj[271]=File : c:\windows\system\adcache\b_291_0_1_586800.gif obj[272]=File : c:\windows\system\adcache\b_291_0_1_590200.gif E-GROUP ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[4]=RegKey : .default\Software\EGDHTML obj[16]=RegKey : CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45} obj[23]=RegKey : CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} obj[29]=RegKey : EGDHTML.EGDialHTML obj[30]=RegKey : EGDHTML.EGDialHTML.1 obj[31]=RegKey : EGDialObject.EGDial obj[32]=RegKey : EGDialObject.EGDial.1 obj[57]=RegKey : Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6} obj[90]=RegKey : Software\EGDHTML obj[96]=RegKey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} obj[120]=RegKey : TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53} obj[155]=Folder : c:\program files\Instant Access obj[273]=File : c:\program files\instant access\dialer obj[274]=File : c:\program files\instant access\center obj[275]=File : c:\windows\start menu\nocreditcard.lnk obj[276]=File : c:\windows\system\egdhtml_1024.dll obj[277]=File : c:\windows\system\egdial.dll obj[278]=File : c:\windows\downloaded program files\egdhtml_pack.inf obj[279]=File : c:\windows\downloaded program files\egdhtml.inf DOWNLOADWARE ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[5]=RegKey : .default\Software\WebInstall obj[22]=RegKey : CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E} obj[88]=RegKey : SOFTWARE\DownloadWare obj[106]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E} obj[138]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run obj[147]=RegKey : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ActiveInstall2.dll obj[148]=RegValue : Software\Microsoft\Windows\CurrentVersion\SharedDLLs obj[149]=Folder : c:\program files\DownloadWare obj[166]=File : c:\windows\downloaded program files\activeinstall2.dll obj[199]=File : c:\program files\downloadware\cfg obj[200]=File : c:\program files\downloadware\downloads obj[201]=File : c:\program files\downloadware\temp obj[202]=File : c:\windows\downloaded program files\activeinstall2.inf HOTBAR ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[6]=RegKey : AppID\{B701A705-F828-11D4-A466-00508B5BA2DF} obj[8]=RegKey : Atlnet.HbWebmailSend obj[9]=RegKey : Atlnet.HbWebmailSend.1 obj[14]=RegKey : CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519} obj[17]=RegKey : CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4} obj[18]=RegKey : CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D} obj[19]=RegKey : CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} obj[20]=RegKey : CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8} obj[21]=RegKey : CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F} obj[24]=RegKey : CLSID\{954814C0-40F3-4249-8528-B4922CD2964E} obj[25]=RegKey : CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF} obj[26]=RegKey : CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} obj[27]=RegKey : CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} obj[35]=RegKey : HbCoreSrv.HbCoreServices obj[36]=RegKey : HbCoreSrv.HbCoreServices.1 obj[37]=RegKey : HbHostIE.HbBho.1 obj[38]=RegKey : HbHostOL.HbMailAnim obj[39]=RegKey : HbHostOL.HbMailAnim.1 obj[40]=RegKey : HBInstIE.HbInstObj obj[41]=RegKey : HBInstIE.HbInstObj.1 obj[42]=RegKey : HbSrv.HbCoreServices obj[43]=RegKey : HbSrv.HbCoreServices.1 obj[44]=RegKey : HbToolbar.HbToolbarCtl obj[45]=RegKey : HbToolbar.HbToolbarCtl.1 obj[46]=RegKey : Hotbar.HbBho obj[47]=RegKey : Hotbar.HbCommBand obj[48]=RegKey : Hotbar.HbCommBand.1 obj[49]=RegKey : Hotbar.HbMain obj[50]=RegKey : Hotbar.HbMain.1 obj[54]=RegKey : Interface\{17719B53-FAD1-11D4-A466-00508B5BA2DF} obj[55]=RegKey : Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF} obj[58]=RegKey : Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746} obj[59]=RegKey : Interface\{31321312-E1BB-49AB-80EB-13212CA78746} obj[61]=RegKey : Interface\{46417AFD-7A15-4ED1-B764-CB72CD4D904F} obj[62]=RegKey : Interface\{4BF4FAFA-186E-4E36-8F74-525290438D7B} obj[64]=RegKey : Interface\{6A6EBAE8-8C66-4675-B423-95B3BA530940} obj[65]=RegKey : Interface\{6F885F52-B45F-45BC-8642-FE3D56155A3A} obj[66]=RegKey : Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D} obj[67]=RegKey : Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A} obj[68]=RegKey : Interface\{918E4B7A-4D80-43A4-83A7-39ADCC11841F} obj[69]=RegKey : Interface\{9EE87A26-B2C8-4130-83F6-E8511D939976} obj[71]=RegKey : Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF} obj[73]=RegKey : Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D} obj[74]=RegKey : Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86} obj[75]=RegKey : Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E} obj[76]=RegKey : Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF} obj[77]=RegKey : Interface\{DA603411-0593-11D5-A46B-10101B1B1111} obj[78]=RegKey : Interface\{DA603411-0593-11D5-A46B-10101DDD1111} obj[79]=RegKey : Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7} obj[80]=RegKey : Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D} obj[81]=RegKey : Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F} obj[93]=RegKey : Software\Hotbar obj[94]=RegKey : SOFTWARE\Hotbar obj[99]=RegKey : Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} obj[102]=RegKey : SOFTWARE\Microsoft\Office\Outlook\Addins\HbHostOL.HbMailAnim.1 obj[107]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} obj[109]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotbar Uninstall obj[117]=RegKey : TypeLib\{60F63095-41EC-11D5-B558-00D0B77F0A6D} obj[119]=RegKey : TypeLib\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD} obj[121]=RegKey : TypeLib\{94BEB7A2-36B7-46DC-8AD1-81A8332409C0} obj[122]=RegKey : TypeLib\{A80347D3-F757-11D4-A466-00508B5BA2DF} obj[123]=RegKey : TypeLib\{B195B3A5-8A05-11D3-97A4-0004ACA6948E} obj[124]=RegKey : TypeLib\{B701A704-F828-11D4-A466-00508B5BA2DF} obj[132]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar obj[133]=RegValue : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser obj[137]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform obj[139]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run obj[150]=RegKey : AppID\HbSrv.exe obj[151]=RegKey : CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E} obj[152]=Folder : c:\windows\application data\Hotbar obj[153]=Folder : c:\program files\Hotbar obj[197]=File : c:\windows\system\hbinst.exe obj[203]=File : c:\program files\hotbar\hotbar.log NETWORKESSENTIALS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[7]=RegKey : AppID\{C81CFF28-6DF1-402F-B78C-D9493EF59882} obj[28]=RegKey : CLSID\{E79061BA-B6E7-4A9D-A07C-C3CB561013B4} obj[51]=RegKey : HP.Hopper obj[52]=RegKey : HP.Hopper.1 obj[53]=RegKey : Interface\{1423903E-86CC-4470-8AB0-257C10D77D45} obj[63]=RegKey : Interface\{4DEA7CA1-3372-4204-937C-2DD4A6ED6562} obj[70]=RegKey : Interface\{A42DC659-33B5-409E-A433-650AC42ECCA4} obj[72]=RegKey : Interface\{A8516F49-8046-4295-8EE9-C59D5041C9E2} obj[82]=RegKey : Interface\{FB82CCD5-174B-4379-BC37-72D9B5ADAEDA} obj[83]=RegKey : Software\ActiveInstall obj[89]=RegKey : Software\DownloadWare obj[92]=RegKey : Software\Hopper obj[108]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownloadWare obj[111]=RegKey : Software\WebInstall obj[113]=RegKey : SP.SmartPops obj[114]=RegKey : SP.SmartPops.1 obj[115]=RegKey : TypeLib\{47350D97-09E9-4590-864E-3431DA53BF37} obj[127]=RegKey : TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0} obj[156]=Folder : c:\program files\MediaLoads Enhanced obj[280]=File : c:\program files\medialoads enhanced\install.exe obj[281]=File : c:\program files\medialoads enhanced\me2.dll VX2.BETTERINTERNET ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[10]=RegKey : bidll.bidllobj.1 obj[11]=RegKey : CLSID\{000006b1-19b5-414a-849f-2a3c64ae6939} obj[103]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006b1-19b5-414a-849f-2a3c64ae6939} obj[157]=RegKey : Software\Dbi obj[158]=RegKey : Software\Microsoft\Windows\CurrentVersion\Uninstall\Dbi obj[282]=File : c:\windows\temp\bi.dll obj[283]=File : c:\windows\temp\biprep.exe obj[284]=File : c:\windows\bi.dll obj[285]=File : c:\windows\biprep.exe LYCOS SIDESEARCH ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[12]=RegKey : CLSID\{00000762-3965-4A1A-98CE-3D4BF457D4C8} obj[95]=RegKey : SOFTWARE\Lycos\Sidesearch obj[98]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{000007AB-7059-463E-BD44-101A1750D732} obj[100]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{000007C6-17DF-4438-92A4-DE5537471BA3} obj[104]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8} obj[159]=Folder : c:\program files\lycos\Sidesearch obj[286]=File : c:\program files\lycos\sidesearch\temp obj[287]=File : c:\program files\lycos\sidesearch\offline.htm obj[288]=File : c:\program files\lycos\sidesearch\uninst.exe obj[289]=File : c:\program files\lycos\sidesearch\sidesearch1311.dll TOPPICKS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[13]=RegKey : CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA} obj[105]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA} GATOR ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[15]=RegKey : CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} obj[91]=RegKey : SOFTWARE\Gator.com obj[290]=File : c:\windows\gatorplugin.log FAVORITEMAN ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[33]=RegKey : F1.Organizer obj[34]=RegKey : F1.Organizer.1 obj[116]=RegKey : TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} obj[126]=RegKey : TypeLib\{EF100007-F409-426A-9E7C-CB211F2A9786} obj[134]=RegValue : Software\Microsoft\Windows obj[135]=RegValue : Software\Microsoft\Windows obj[136]=RegValue : Software\Microsoft\Windows obj[198]=File : c:\windows\system\im64.dll XUPITER ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[56]=RegKey : INTERFACE\{1A8B567B-BD3F-44A1-8B94-F50D37A1914E} obj[125]=RegKey : TypeLib\{C6C2871F-7467-4A35-90FA-9E9894BC1916} obj[130]=RegKey : XTUpdate.XT obj[131]=RegKey : XTUpdate.XT.1 obj[142]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run obj[143]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run obj[160]=RegKey : CLSID\{2662BDD7-05D6-408F-B241-FF98FACE6054} STOPPOP ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[60]=RegKey : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} CLEARSEARCH ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[84]=RegKey : SOFTWARE\CLRSCH obj[161]=Folder : c:\program files\ClearSearch obj[162]=Folder : c:\windows\temp\ClrSch obj[291]=File : c:\program files\clearsearch\loader.exe obj[292]=File : c:\program files\clearsearch\csieinst.dll obj[293]=File : c:\program files\clearsearch\csssinst.dll obj[294]=File : c:\program files\clearsearch\csbiinst.dll obj[295]=File : c:\program files\clearsearch\control.dat obj[296]=File : c:\program files\clearsearch\csie.dll MEDIACHARGER ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[97]=RegKey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EB6AFDAB-E16D-430B-A5EE-0408A12289DC} ALEXA ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[101]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} SAVENOW ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[110]=RegKey : Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow obj[112]=RegKey : Software\WhenUSave obj[129]=RegKey : WUSN.1 obj[141]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run obj[163]=Folder : c:\program files\Save obj[297]=File : c:\program files\save\save.db obj[298]=File : c:\program files\save\save.exe obj[299]=File : c:\program files\save\save.htm obj[300]=File : c:\program files\save\saveuninst.exe obj[301]=File : c:\program files\save\readme.txt obj[302]=File : c:\program files\save\extra.exe MSVIEW ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[118]=RegKey : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC} obj[128]=RegKey : VX2.VX2Obj IGETNET ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[140]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run obj[164]=RegValue : Software\Microsoft\Internet Explorer\URLSearchHooks WINDOWS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[144]=RegData : .DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings obj[145]=RegData : Software\Microsoft\MediaPlayer\Player\Settings POSSIBLE BROWSER HIJACK ATTEMPT ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[146]=RegKey : Software\SQ obj[165]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run TRACKING COOKIE ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[167]=File : c:\windows\cookies\fijolek@targetnet[2].txt obj[168]=File : c:\windows\cookies\fijolek@z1.adserver[2].txt obj[170]=File : c:\windows\cookies\fijolek@centrport[1].txt obj[171]=File : c:\windows\cookies\fijolek@doubleclick[2].txt obj[172]=File : c:\windows\cookies\fijolek@advertising[1].txt obj[173]=File : c:\windows\cookies\fijolek@valueclick[1].txt obj[174]=File : c:\windows\cookies\fijolek@atdmt[2].txt obj[175]=File : c:\windows\cookies\fijolek@qksrv[1].txt obj[176]=File : c:\windows\cookies\fijolek@as1.falkag[2].txt obj[177]=File : c:\windows\cookies\fijolek@ehg-cbs.hitbox[2].txt obj[178]=File : c:\windows\cookies\fijolek@hitbox[1].txt obj[179]=File : c:\windows\cookies\fijolek@gator[1].txt obj[180]=File : c:\windows\cookies\fijolek@fortunecity[1].txt obj[181]=File : c:\windows\cookies\fijolek@zedo[1].txt obj[182]=File : c:\windows\cookies\fijolek@fastclick[2].txt obj[183]=File : c:\windows\cookies\fijolek@tribalfusion[2].txt obj[184]=File : c:\windows\cookies\fijolek@a.as-us.falkag[2].txt obj[185]=File : c:\windows\cookies\fijolek@ads.addynamix[1].txt obj[186]=File : c:\windows\cookies\fijolek@ads.specificpop[1].txt obj[187]=File : c:\windows\cookies\fijolek@adserver.news.com[2].txt obj[188]=File : c:\windows\cookies\fijolek@mediaplex[1].txt obj[189]=File : c:\windows\cookies\fijolek@etype.adbureau[2].txt obj[190]=File : c:\windows\cookies\fijolek@internetfuel[2].txt obj[191]=File : c:\windows\cookies\fijolek@bravenet[2].txt obj[192]=File : c:\windows\cookies\fijolek@servedby.valuead[1].txt obj[193]=File : c:\windows\cookies\fijolek@servedby.advertising[2].txt obj[194]=File : c:\windows\cookies\fijolek@commission-junction[1].txt OTHER ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[169]=File : c:\windows\cookies\fijolek@cgi-bin[1].txt Can anyone tell me is it safe to delete the icons on my desktop and what do I do with all the quarantined stuff??? Please help me !!!

0

patrick I have seen clearsearch get installed with some free programs, it can also be installed if IE security settings are not right. I have also seen it install as part of cool web search...there are so many sourses of clearsearch infection... I use spywareblaster as well as ad-aware and spybot to keep clean. Spywareblaster should block clearsearch download as well as the immunize feature in spybot. About your Flash freezing up....Not too familiar with flash as right now I am just using the web based flash...but interested in the challange just the same...email me if you like as this thread may carry on for a mile...lol. (put "flash problems" in subject matter...or I think spam and delete). Click my name for email. _____________________________________________ jillgf Yes those icons can safely go to the trash. To get rid of stuff in ad-aware quarentine: Start ad-aware In main ad-aware window click "open quarentine list" Right click in window and select "Delete all archives" Yes at the prompt. **note** I would wait a bit before doing that in case there are programs you really want that need the spyware to run. Some of those programs detected by ad-aware are better off first being removed through add/remove programs in the control panel first then cleaning out remanents with ad-aware...such as: Downloadware..it would take you to a website during uninstall. WhenUsave or Save Lycos sidesearch Clearsearch Network essentials (if I remember right this one pops up a window that you have to type in the number it displays...says something like "to make sure a human is removing this program and not a computer script type in the number in the window" Hotbar. But usually ad-aware kills it effectively if using the recommended tweak settings described here: http://www.lavahelp.com/howto/fullscan/index.html Also most effective running the scan while offline and in safe mode (tapf8 at boot) or you may notice some of the items returning again. ___________________________________ I never give up! Windows Update

0

hey everyody. i've been having the same problems with specificPop and lycos sidesearch that the original poster was having. so i've followed all the instructions on installing and running hijackthis, and this is the logfile that it generated. can someone please tell me what files i can safely tell hijackthis to fix? Thanks. Logfile of HijackThis v1.97.7 Scan saved at 16:26:49, on 04/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\System32\carpserv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HPQ\One-Touch\OneTouch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Zone Labs\ZoneAlarm\zapid.exe C:\Program Files\PictureShare\PSClient.exe C:\WINDOWS\System32\sfsipca.exe C:\WINDOWS\System32\tis.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated) R3 - Default URLSearchHook is missing O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.8P.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [sfsipca] C:\WINDOWS\System32\sfsipca.exe O4 - HKLM\..\Run: [tis] C:\WINDOWS\System32\tis.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [HelioBarXP] C:\Program Files\HelioBar XP\HelioBarXP.exe start O4 - Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O4 - Global Startup: ZoneAlarm Pro - Integrity Desktop.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapid.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26156ff5a61d1e9a8e00/netzip/RdxIE601.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

0

I found this site when looking for help with this stupid Newspynotice problem. I've downloaded and run HijackThis, thanks to your advice. I have the log file. May I post it for your advice please.

0