
how to get rid of about: blank?


Name: mhsf311
Date: May 7, 2006 at 23:07:19 Pacific
OS: XP Home Edition SPII
CPU/Ram: Pentium 4; 192 Ram
Product: hp pavilion zv5000
Comment:

I've somehow gotten the about: blank spyware on my computer affecting my internet explorer browser. I've tried using adaware se 1.05, as well as pest patrol, but haven't been able to figure out how to remove this off my computer. I downloaded Hijack this...and if requested, will attach a hijack this log. Would anyone be able to please offer advice on how to fix this? I much appreciate any feedback/suggestions.




Response Number 1
Name: XpUser4Real
Date: May 7, 2006 at 23:39:10 Pacific
Reply:

This sounds pretty helpful for you:
About Blank Removal

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 2
Name: XpUser4Real
Date: May 7, 2006 at 23:41:57 Pacific
Reply:

sorry, I just checked out the link for the removal and it doesn't seem to work


Hopefully my advice will help you...Please post back with your results....thanks



Response Number 3
Name: XpUser4Real
Date: May 7, 2006 at 23:44:48 Pacific
Reply:

Here's one that looks good:
http://www.securiteam.com/securityreviews/5RP0L0UD5U.html
HTH

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 4
Name: XpUser4Real
Date: May 7, 2006 at 23:46:27 Pacific
Reply:

One more:
http://www.gold-software.com/RemoveaboutblankBuddy-review6351.htm

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 5
Name: XpUser4Real
Date: May 8, 2006 at 00:07:46 Pacific
Reply:

You know what? Try winpatrol (it's free) and get it to remove the browser helper. I use it all the time and it stops anyone or anything from loading onto your PC and removes it for you. Post back your results

Hopefully my advice will help you...Please post back with your results....thanks





Response Number 6
Name: jabuck
Date: May 8, 2006 at 05:16:41 Pacific
Reply:

Or if you prefer please post your Hijack This log.

Then run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.




Response Number 7
Name: mhsf311
Date: May 9, 2006 at 22:38:39 Pacific
Reply:

First off, thank you both very much for the suggestions. I downloaded winpatrol...and it keeps locating the hp temp file that is apparently causing the problem. (And I noticed with this program, that every time I open IE, it creates a diff. temp file...but there's always only the one temp file in my WINDOWS32 folder.)

The remove About blank program wants me to pay 30 bucks to get a registration key to use the program, so I wanted to hold off on that.

After I follow the securiteam.com steps and run the online scan from Kaspersky etc., I'll post my results. Thanks again for all your help.


Logfile of HijackThis v1.99.1
Scan saved at 10:22:09 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\My Documents\download\mikey31180\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZinw12.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp307F.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


0
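
An added example, not part of any poster's reply: the O2 entry in the log above registers a `.tmp` file in system32 as a Browser Helper Object, which is the temp file WinPatrol kept locating. The Python sketch below parses HijackThis O2/O3 lines and flags registrations of that kind; the heuristics, the function names and the last two sample lines (constructed) are assumptions of this example.

```python
from __future__ import annotations

import ntpath  # Windows path handling that also works on non-Windows hosts
import re
from dataclasses import dataclass, field

# First two lines are copied from the HijackThis log above.
# Last two lines are constructed for contrast (hypothetical add-ons).
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp307F.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: Old Addon - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\gone.dll (file missing)
"""

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]", same shape for O3 toolbars.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    section: str
    name: str
    clsid: str
    path: str
    reasons: list[str] = field(default_factory=list)


def assess(path: str, missing: bool) -> list[str]:
    """Heuristics (assumptions of this example) for an IE add-on module path."""
    reasons = []
    ext = ntpath.splitext(path)[1].lower()
    # BHOs and toolbars are in-process COM servers, normally shipped as DLLs.
    if ext != ".dll":
        reasons.append(f"module is {ext or 'extensionless'}, not .dll")
    if ext == ".tmp" or "\\temp\\" in path.lower():
        reasons.append("temp-style file used as a persistent add-on")
    if missing:
        reasons.append("registration points at a missing file")
    return reasons


def parse_entries(log_text: str) -> list[Finding]:
    """Return every O2/O3 entry in the log, with reasons filled in."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Finding(m["section"], m["name"], m["clsid"], m["path"],
                                   assess(m["path"], m["missing"] is not None)))
    return entries


def review_ie_addons(log_text: str) -> list[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    return [e for e in parse_entries(log_text) if e.reasons]


if __name__ == "__main__":
    for f in review_ie_addons(SAMPLE_LOG):
        print(f"{f.section} {f.clsid} {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead for review, not a verdict: the file still has to be checked by a scanner or by its owner before anything is removed.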

Response Number 8
Name: mhsf311
Date: May 10, 2006 at 00:48:00 Pacific
Reply:

Here are the results of my Kaspersky scan.

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 10, 2006 12:43:58 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 10/05/2006
Kaspersky Anti-Virus database records: 192736
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
Z:\

Scan Statistics:
Total number of scanned objects: 77901
Number of viruses found: 18
Number of infected objects: 61
Number of suspicious objects: 0
Duration of the scan process: 01:18:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01 NSIS: infected - 2 skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-134414-672.dll Infected: Trojan-Downloader.Win32.Zlob.nn skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-134511-317.dll Infected: Trojan-Downloader.Win32.Zlob.nn skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-140531-840.dll Infected: Trojan-Downloader.Win32.Zlob.nn skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-151547-807.dll Infected: Trojan-Downloader.Win32.Zlob.no skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backups\backup-20060507-171016-535.dll Infected: Trojan-Downloader.Win32.Zlob.no skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backups\backup-20060509-222013-400.dll Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84 NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\013B2000 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8/stream/data0001 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8 NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5/RXToolBar.dll Infected: not-a-virus:AdWare.Win32.RXBar.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5 CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\114F2DB1 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\23646696 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295 NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F916CD6 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C950622 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3ED918BB Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Program Files\Norton AntiVirus\Quarantine\46D643B7 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48BD7AB3 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\54E66F44 Infected: not-a-virus:AdWare.Win32.RXBar.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\57DC7C2D Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\692C4496 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\74BC0094 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\76AC2F1C Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76AF5918 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76B20315 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A2D6CF4.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A987A1B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP158\A0058969.tlb Infected: Trojan-Downloader.Win32.Zlob.nw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP158\A0059006.exe Infected: Trojan-Downloader.Win32.Zlob.nq skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP158\A0059011.tlb Infected: Trojan-Downloader.Win32.Zlob.nw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059103.tlb Infected: Trojan-Downloader.Win32.Zlob.nw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059118.tlb Infected: Trojan-Downloader.Win32.Zlob.nw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059140.exe Infected: Trojan-Downloader.Win32.Zlob.nw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059148.tlb Infected: Trojan-Downloader.Win32.Zlob.no skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.np skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe/stream Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe PE_Patch.UPX: infected - 3 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059219.tlb Infected: Trojan-Downloader.Win32.Zlob.no skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059230.exe Infected: Trojan-Downloader.Win32.Zlob.no skipped
C:\WINDOWS\system32\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.nu skipped
C:\WINDOWS\system32\dcomcfg.exe Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\WINDOWS\system32\hp307F.tmp Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\WINDOWS\system32\ldACE4.tmp Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\WINDOWS\system32\reglogs.dll Infected: not-virus:Hoax.Win32.Renos.cz skipped
C:\WINDOWS\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.nl skipped
C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.nv skipped

Scan process completed.



Response Number 9
Name: Barrie Guy
Date: May 10, 2006 at 03:30:44 Pacific
Reply:

First of all....you have to disable "System Restore" before getting rid of most trojans and viruses, cos the sneaky beggars usually hide in there. (according to your Kaspersky report they ARE in there).
Right-click on My Computer icon, choose "properties", choose "System Restore" and check the box "Turn off System Restore on all drives"......you lose all your Restore Points but they're no good anyway if you got viruses in there. DON'T FORGET TO UNCHECK THE BOX AFTER YOUR COMPUTER IS CLEAN !
Do your checks in "Safe Mode" (press F8 during boot), or at least disconnect your internet connection, to stop trojans from downloading new versions while you're checking.
You can paste your HiJack This Log into the Help2Go Detective and get an immediate reply. ( http://www.help2go.com and choose Help2go Detective from the main menu )
You can download a trial version of Ewido Security Suite from www.ewido.net/en/ and it's pretty good.
Good Luck !
Barrie.


0
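
An added example, not written by anyone in the thread: grouping the Kaspersky detections by where the file sits separates the files live in system32 from the copies inside System Restore, Norton's quarantine and tool backups. The sample lines are copied from the report above; the location rules, category names and the reading of `/` as an archive-member separator are assumptions of this example.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Lines copied from the Kaspersky report posted above (an excerpt, not new data).
SAMPLE_REPORT = r"""
C:\Program Files\Norton AntiVirus\Quarantine\013B2000 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.np skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP159\A0059157.exe NSIS: infected - 3 skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backups\backup-20060509-222013-400.dll Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\WINDOWS\system32\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.nu skipped
C:\WINDOWS\system32\hp307F.tmp Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\WINDOWS\system32\reglogs.dll Infected: not-virus:Hoax.Win32.Renos.cz skipped
"""

# "<path> Infected: <verdict> <action>" or "<path> <packer>: infected - <n> <action>"
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)"
    r"|(?P<container>[\w.]+): infected - (?P<count>\d+)) (?P<action>\w+)$"
)

# Ordered location rules (assumptions of this example); first match wins.
LOCATION_RULES = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("av_quarantine", re.compile(r"\\Quarantine\\", re.I)),
    ("tool_backup", re.compile(r"\\backup-\d{8}-\d{6}-\d+\.dll$", re.I)),
    ("browser_cache", re.compile(r"\\Cache\\", re.I)),
]


def on_disk_object(path: str) -> str:
    """Drop the archive-member part, which the report writes after a '/'."""
    return path.split("/", 1)[0]


def classify(path: str) -> str:
    """Name the storage location of a detection; 'live' means none of the rules hit."""
    obj = on_disk_object(path)
    for label, pattern in LOCATION_RULES:
        if pattern.search(obj):
            return label
    return "live"


def triage(report: str) -> dict[str, dict[str, set[str]]]:
    """Map location -> on-disk file -> set of verdict names seen for that file."""
    grouped = defaultdict(lambda: defaultdict(set))
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, statistics and blank lines
        obj = on_disk_object(m["path"])
        verdicts = grouped[classify(obj)][obj]  # records the file even for packer lines
        if m["verdict"]:
            verdicts.add(m["verdict"])
    return {loc: dict(objs) for loc, objs in grouped.items()}


if __name__ == "__main__":
    for location, objects in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{location}: {len(objects)} file(s)")
        for obj, verdicts in sorted(objects.items()):
            print(f"  {obj}  {', '.join(sorted(verdicts)) or '(container only)'}")
```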

Response Number 10
Name: jabuck
Date: May 10, 2006 at 05:50:23 Pacific
Reply:

You have smitrem/smitfraud, a spyware.

You will need to turn off Norton's script blocking until you get clean.

Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK.

We will need a few tools.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Be sure to update Ewido

Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop.

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Next run Ewido in safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post the Ewido log on your desktop and a new HT log.

Purge the restore folder. For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Navigate to and delete the contents of the quarantine folder.

Run a new Kaspersky and post its log.



Response Number 11
Name: mhsf311
Date: May 11, 2006 at 18:04:14 Pacific
Reply:

Jabuck, thank you very much for the detailed instructions etc. I followed them from top to bottom (the only thing I wasn't sure how to do was how to navigate to the new restore folder? and to delete the contents of the quarantine folder).
Nonetheless...I'll post all of the logs etc., that you requested. The about: blank is gone from my IE browser...but after the last Kaspersky scan, it still says I have some spyware (I think), viruses on my computer. But it does seem to be running much better (and faster!) Again, according to the Kaspersky scan, and the second to instructions you gave me...should I delete the contents of the quarantine folder for Norton?

First SmitFraudfix log:
SmitFraudFix v2.42

Scan done at 20:52:30.93, Wed 05/10/2006
Run from C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\reglogs.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mike\FAVORI~1

C:\DOCUME~1\Mike\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare"

[HKEY_CLASSES_ROOT\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32]
@="C:\WINDOWS\system32\reglogs.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32]
@="C:\WINDOWS\system32\reglogs.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Second SmitFraud (option 2) in safe mode:
SmitFraudFix v2.42

Scan done at 22:19:01.78, Wed 05/10/2006
Run from C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\reglogs.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Mike\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

Ewido scan in SAFE mode:


ewido anti-malware - Scan report


+ Created on: 11:41:18 PM, 5/10/2006
+ Report-Checksum: 6D24EE51

+ Scan result:

:mozilla.6:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\cookiesnew.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\l0meq8lv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-134414-672.dll -> Downloader.Zlob.nn : Cleaned with backup
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-134511-317.dll -> Downloader.Zlob.nn : Cleaned with backup
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-140531-840.dll -> Downloader.Zlob.nn : Cleaned with backup
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backup-20060507-151547-807.dll -> Downloader.Zlob.no : Cleaned with backup
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backups\backup-20060507-171016-535.dll -> Downloader.Zlob.no : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507125225.zip/Documents and Settings/Mike/Cookies/mike@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507125225.zip/Documents and Settings/Mike/Cookies/mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507125225.zip/Documents and Settings/Mike/Cookies/mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507125225.zip/Documents and Settings/Mike/Cookies/mike@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507133340.zip/Documents and Settings/Mike/Cookies/mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507133340.zip/Documents and Settings/Mike/Cookies/mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20060507133340.zip/Documents and Settings/Mike/Cookies/mike@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup


::Report End

Hijack This LOG (in SAFE mode):
Logfile of HijackThis v1.99.1
Scan saved at 11:49:26 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Mike\My Documents\download\mikey31180\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Kaspersky Log:

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, May 11, 2006 1:51:34 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 11/05/2006
Kaspersky Anti-Virus database records: 192975
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58514
Number of viruses found: 10
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:02:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\4fk1inrr.default\Cache\FEF34E17d01 NSIS: infected - 2 skipped
C:\Documents and Settings\Mike\My Documents\download\mikey31180\backups\backup-20060509-222013-400.dll Infected: Trojan-Downloader.Win32.Zlob.nv skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84 NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00270B84 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\013B2000 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8/stream/data0001 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8 NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\014273F8 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5/RXToolBar.dll Infected: not-a-virus:AdWare.Win32.RXBar.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5 CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\01451DF5 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\114F2DB1 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\23646696 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295 NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF42295 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F916CD6 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C950622 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3ED918BB Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Program Files\Norton AntiVirus\Quarantine\46D643B7 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\48BD7AB3 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\54E66F44 Infected: not-a-virus:AdWare.Win32.RXBar.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\57DC7C2D Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\692C4496 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\74BC0094 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\76AC2F1C Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76AF5918 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76B20315 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A2D6CF4.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A987A1B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

Scan process completed.



Response Number 12
Name: mhsf311
Date: May 11, 2006 at 18:06:25 Pacific
Reply:

Also, after I get my comp. completely cleaned up...do you recommend a specific firewall to use (I don't have one)...and also what software to make sure that I don't get any more viruses/spyware on my computer. Thanks again for all your help.



Response Number 13
Name: XpUser4Real
Date: May 11, 2006 at 18:23:19 Pacific
Reply:

mhsf311,
You should d/l and run Crap Cleaner as well as ATF-Cleaner, they are free and will get rid of all your cookies and temp files.
A good firewall to use is Sygate Home; you can find it here: Sygate Personal Firewall. It works great and is user friendly, not like Zone Alarm, which is also free but has some nags in it.


Hopefully my advice will help you...Please post back with your results....thanks



Response Number 14
Name: XpUser4Real
Date: May 11, 2006 at 18:26:33 Pacific
Reply:

There are numerous free antispy progs that are good:
Spybot S&D
Spyware Blaster
Adaware SE
also Windows Defender which will work in real time. You'll have to google for those.

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 15
Name: mhsf311
Date: May 11, 2006 at 18:32:56 Pacific
Reply:

Thanks for the info XP. :)



Response Number 16
Name: XpUser4Real
Date: May 11, 2006 at 18:37:33 Pacific
Reply:

You're more than welcome, I use that stuff all the time along with Avast AV and things run great....all freebies.

Hopefully my advice will help you...Please post back with your results....thanks

