Ok this is REALLY REALLY PISSING ME OFF and I need some help.
When I open Internet Explorer, an "action cancelled" page comes up and it diverts to - http://a-search.biz/?wmid=3305 - this page. I cannot press the "Back" and "Forward" buttons and something has seriously infected my computer and I don't know what.
The title of the page is "about:blank Trusted Start Page Microsoft Internet Explorer".
I've searched on the internet search engines for a solution and there is NOTHING. I'm hoping someone will know.
Thanks.
Nick

You've been hijacked. Ever tried Spybot Search & Destroy, Ad-Aware or HijackThis?
Stop gap: run msconfig and uncheck anything in startup that looks odd (don't uncheck systray or scandisk), then set your homepage back in Internet Options.
Best

What did you search for? There are plenty of hits on the About:Blank Browser Hijacker?
Hum.. maybe you are trying to use the infected system to do the search. Dumb idea, as a Browser Hijacker installed that redirects you to their search engine would of course NOT find any "bad" entries about itself.
Some versions of the CoolWebSearch Browser Hijacker (CWS) and others also block your access to the SpywareInfo.com web sites and sites that deal with Browser Hijackers.
Start with page and see if you can access the links on About:Buster and Browser Hijacker removals.

Thanks for replying. I've used Spybot, and it picked up nothing. The others I have not but will give them a go.
It happens every time I open a new window, whether it's clicking on a link in the browser, or just opening a new window. I'll try the rest but I don't think they'll work. If anyone has any other suggestions, I'd appreciate it.
Does anyone know how to edit the registry? Could this be a solution? Thanks!

Run the programs mentioned first and make sure they are all fully up to date.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Follow the advice in the post directly under yours -- 44075.
Especially from 2/3 down onwards. End up posting a HijackThis log file on this thread after you've completed the steps in the post.

"http://a-search.biz/?wmid=3305" I know that HAS to be a spyware/adware issue...... And it would surprise me if Spybot and Ad-Aware couldn't get rid of it........ And I know you're smart enough to update both of those programs with new definitions..... I would try scanning with both of those programs in "Safe Mode"
If you have no luck at all..... which you should.... Re-Install IE. And then after you do that.............. GET MOZILLA FIREFOX! Best internet Browser there is.... lemme tell ya. It looks just like IE so there's no getting used to, except the fact that it loads pages a lot faster.
__________-SamZee-__________

HERE IS THE AD-AWARE LOG-FILE
Ad-Aware SE Build 1.05
Logfile Created on:26 September 2004 17:38:43
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):10 total references
Alexa(TAC index:5):8 total references
BargainBuddy(TAC index:8):2 total references
BlazeFind(TAC index:5):2 total references
CoolWebSearch(TAC index:10):2 total references
Cydoor(TAC index:7):1 total references
eUniverse(TAC index:10):1 total references
Tracking Cookie(TAC index:3):12 total references
VX2(TAC index:10):24 total references
WinAD(TAC index:7):1 total references
WinFavorites(TAC index:6):21 total references
Winpup32(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts fileExtended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
26-09-2004 17:38:43 - Scan started. (Full System Scan)Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291781557
Threads : 6
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294944085
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.exe#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952281
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294954473
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.exe#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294838365
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe#:6 [MSGPLUS.EXE]
FilePath : C:\PROGRAM FILES\MESSENGER PLUS! 3\
ProcessID : 4294859353
Threads : 1
Priority : Normal
#:7 [SMC.EXE]
FilePath : C:\PROGRAM FILES\SYGATE\SPF\
ProcessID : 4294851921
Threads : 15
Priority : Normal
FileVersion : 5.5.00.2525
ProductVersion : 5.5.00.2525
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.exe#:8 [GPLLOGDO.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294781369
Threads : 4
Priority : Normal
#:9 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294863785
Threads : 33
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.exe#:10 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294737421
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.exe#:11 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294745585
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows(TM) Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.exe#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294665733
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.exe#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294660553
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.exe#:14 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294679185
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe#:15 [SCTRAY.EXE]
FilePath : C:\PQSC\PROGRAM\
ProcessID : 4294689017
Threads : 2
Priority : Normal
#:16 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294583329
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.exe#:17 [HPZTSB05.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294589385
Threads : 1
Priority : Normal
FileVersion : 2,121,0,0
ProductVersion : 2,121,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2002#:18 [DRAGDIAG.EXE]
FilePath : C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\
ProcessID : 4294615865
Threads : 2
Priority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch#:19 [SYNCROAD.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS SYNCROAD\
ProcessID : 4294619229
Threads : 4
Priority : Normal
#:20 [WINSYNC.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS SYNCROAD\
ProcessID : 4294634509
Threads : 2
Priority : Normal
#:21 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294587857
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe#:22 [SONYTRAY.EXE]
FilePath : C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\
ProcessID : 4294654861
Threads : 1
Priority : Normal
#:23 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294673321
Threads : 15
Priority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe#:24 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294551685
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe#:25 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294402637
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : STIMON.exe#:26 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294312869
Threads : 6
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe#:27 [WMPLAYER.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\
ProcessID : 4294273065
Threads : 16
Priority : Normal
FileVersion : 9.00.00.2980
ProductVersion : 9.00.00.2980
ProductName : Microsoft(R) Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.exe
LegalCopyright : (C) Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.exe#:28 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294264829
Threads : 4
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server#:29 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 3874972341
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights ReservedMemory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : did180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : duid180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : partner_id180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : product_id180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : boom180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions\msbb
Value : smtAlexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuTextAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBarAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ScriptAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsidAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : IconAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIconAlexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonTextWinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}
Value :WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jaoWinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao
Value :WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao.1WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao.1
Value :WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 22
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/bridge.dllWinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/bridge.dll
Value : .OwnerWinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/bridge.dll
Value : {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}WinFavorites Object Recognized!
Type : File
Data : /windows/downloaded program files/bridge.dll
Category : Malware
Comment :
Object : c:\WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/a.exeWinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/a.exe
Value : .OwnerWinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/a.exe
Value : {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}WinFavorites Object Recognized!
Type : File
Data : /windows/system/a.exe
Category : Malware
Comment :
Object : c:\WinFavorites Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\bridge.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\bridge.dllWinFavorites Object Recognized!
Type : RegValue
Data : C:\WINDOWS\SYSTEM\a.exe
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\SYSTEM\a.exeDeep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 32
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@gator[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:test@gator.com/
Expires : 24-11-2004 20:15:34
LastSync : Hits:3
UseCount : 0
Hits : 3Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@276[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:test@jkazaa.cjt1.net/HTM/276
Expires : 26-09-2005 17:23:00
LastSync : Hits:3
UseCount : 0
Hits : 3Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@tripod[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:test@tripod.com/
Expires : 26-09-2005 17:26:50
LastSync : Hits:1
UseCount : 0
Hits : 1Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@versiontracker[1].txt
Category : Data Miner
Comment : Hits:73
Value : Cookie:test@versiontracker.com/
Expires : 26-09-2006 10:35:10
LastSync : Hits:73
UseCount : 0
Hits : 73Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@0[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:test@jkazaa.cjt1.net/HTM/500/0
Expires : 26-09-2005 17:13:08
LastSync : Hits:3
UseCount : 0
Hits : 3Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@0[3].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:test@jkazaa.cjt1.net/HTM/276/0
Expires : 26-09-2005 17:23:00
LastSync : Hits:8
UseCount : 0
Hits : 8Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 38Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Winpup32 Object Recognized!
Type : File
Data : AG_HOOKM.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1.00.0009
ProductVersion : 1.00.0009
ProductName : werule
CompanyName : totempole
InternalName : pup
OriginalFilename : pup.exe
WinFavorites Object Recognized!
Type : File
Data : a.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright © 2003
OriginalFilename : a.exe
WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\eUniverse Object Recognized!
Type : File
Data : PerfectNav150c.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\PerfectNav\BHO\
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL
Cydoor Object Recognized!
Type : File
Data : cd_clint.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 3, 2, 1, 6
ProductVersion : 3, 2, 1, 6
ProductName : cd_clint
FileDescription : cd_clint
InternalName : cd_clint
LegalCopyright : Copyright © 2003
OriginalFilename : cd_clint.dll
180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\FLEOK\
FileVersion : 5, 9, 0, 7
ProductVersion : 5, 9, 0, 7
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
VX2 Object Recognized!
Type : File
Data : twaintec.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI1235.TMP\
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
ProductName : Twaintec
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : Twaintec.dll
Comments : www.twain-tech.com
VX2 Object Recognized!
Type : File
Data : preInsTT.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI1235.TMP\VX2 Object Recognized!
Type : File
Data : twtini.cab
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\VX2 Object Recognized!
Type : File
Data : twaintec.ini
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\BargainBuddy Object Recognized!
Type : File
Data : cdt_bbi8016.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\180Solutions Object Recognized!
Type : File
Data : ncmyb.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\
Object "mxTarget.dll" found in this archive.VX2 Object Recognized!
Type : File
Data : mxTarget.cab
Category : Data Miner
Comment : Object "mxTarget.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI2773.TMP\VX2 Object Recognized!
Type : File
Data : mxTarget.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI2773.TMP\
FileVersion : 0, 2, 4, 27
ProductVersion : 0, 2, 4, 27
ProductName : mxtarget
CompanyName : MX-Targeting
FileDescription : www.mx-targeting.com
InternalName : mxtarget
LegalCopyright : Copyright © 2003
OriginalFilename : mxtarget.dll
Comments : www.mx-targeting.comObject "mxTarget.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : mxTarget.cab
Category : Data Miner
Comment : Object "mxTarget.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI3A70.TMP\VX2 Object Recognized!
Type : File
Data : mxTarget.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI3A70.TMP\
FileVersion : 0, 2, 4, 27
ProductVersion : 0, 2, 4, 27
ProductName : mxtarget
CompanyName : MX-Targeting
FileDescription : www.mx-targeting.com
InternalName : mxtarget
LegalCopyright : Copyright © 2003
OriginalFilename : mxtarget.dll
Comments : www.mx-targeting.comObject "mxTarget.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : mxTarget.cab
Category : Data Miner
Comment : Object "mxTarget.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI41CD.TMP\VX2 Object Recognized!
Type : File
Data : mxTarget.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI41CD.TMP\
FileVersion : 0, 2, 4, 30
ProductVersion : 0, 2, 4, 30
ProductName : mxtarget
CompanyName : MX-Targeting
FileDescription : www.mx-targeting.com
InternalName : mxtarget
LegalCopyright : Copyright © 2003
OriginalFilename : mxtarget.dll
Comments : www.mx-targeting.com
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@gator[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@gator[1].txtTracking Cookie Object Recognized!
Type : IECache Entry
Data : test@0[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@0[2].txtTracking Cookie Object Recognized!
Type : IECache Entry
Data : test@tripod[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@tripod[1].txtTracking Cookie Object Recognized!
Type : IECache Entry
Data : test@0[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@0[3].txtTracking Cookie Object Recognized!
Type : IECache Entry
Data : test@versiontracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@versiontracker[1].txtTracking Cookie Object Recognized!
Type : IECache Entry
Data : test@276[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@276[1].txtWinFavorites Object Recognized!
Type : File
Data : bridge.dll
Category : Malware
Comment :
Object : c:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 0, 117
ProductVersion : 1, 0, 0, 117
ProductName : bridge Module
FileDescription : bridge Module
InternalName : bridge
LegalCopyright : Copyright 2003
OriginalFilename : bridge.DLL
VX2 Object Recognized!
Type : File
Data : TWAINTEC.INI
Category : Data Miner
Comment :
Object : c:\WINDOWS\VX2 Object Recognized!
Type : File
Data : PREINSTT.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\VX2 Object Recognized!
Type : File
Data : TWAINTEC.DLL
Category : Data Miner
Comment :
Object : c:\WINDOWS\
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
ProductName : Twaintec
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : Twaintec.dll
Comments : www.twain-tech.com
Winpup32 Object Recognized!
Type : File
Data : pup.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1.00.0009
ProductVersion : 1.00.0009
ProductName : werule
CompanyName : totempole
InternalName : pup
OriginalFilename : pup.exe
BlazeFind Object Recognized!
Type : File
Data : 2_0_1browserhelper2.dll
Category : Malware
Comment :
Object : c:\WINDOWS\BlazeFind Object Recognized!
Type : File
Data : UnstSA2.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.
180Solutions Object Recognized!
Type : File
Data : nul.exe.tmp
Category : Data Miner
Comment :
Object : c:\WINDOWS\
Object "W0030127.CPY" found in this archive.VX2 Object Recognized!
Type : File
Data : FS98.CAB
Category : Data Miner
Comment : Object "W0030127.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0034189.CPY" found in this archive.BargainBuddy Object Recognized!
Type : File
Data : FS115.CAB
Category : Data Miner
Comment : Object "W0034189.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0016410.CPY" found in this archive.VX2 Object Recognized!
Type : File
Data : FS261.CAB
Category : Data Miner
Comment : Object "W0016410.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0100477.CPY" found in this archive.VX2 Object Recognized!
Type : File
Data : FS449.CAB
Category : Data Miner
Comment : Object "W0100477.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\VX2 Object Recognized!
Type : File
Data : 0641C4.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
VX2 Object Recognized!
Type : File
Data : 0639DE.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 0, 2, 1, 3
ProductVersion : 0, 2, 1, 3
CompanyName : ClickAlchemy
FileDescription : www.clickalchemy.com
LegalCopyright : Copyright © 2004
VX2 Object Recognized!
Type : File
Data : 0639F3.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
CoolWebSearch Object Recognized!
Type : File
Data : 064AFB.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1610 entries scanned.
New critical objects:0
Objects found so far: 78
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b88a3af1-4f1b-4400-8ffb-3fcb108ce115}
WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b88a3af1-4f1b-4400-8ffb-3fcb108ce115}
Value :
VX2 Object Recognized!
Type : File
Data : dummy.htm
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\
VX2 Object Recognized!
Type : File
Data : twtini.inf
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\
VX2 Object Recognized!
Type : File
Data : TWTINI.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\
VX2 Object Recognized!
Type : File
Data : polmx3.inf
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\
VX2 Object Recognized!
Type : File
Data : POLMX3.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\
CoolWebSearch Object Recognized!
Type : File
Data : HOSTS
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 86
17:45:40 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:57.320
Objects scanned:75115
Objects identified:86
Objects ignored:0
New critical objects:86

Now post a HijackThis log file like you were supposed to :)
And while you're online download the VX2 plugin for Ad-Aware and run that too. I would also download About:Buster in readiness -- THEN post the HJT log file.
Ad-Aware plugins you usually get from ....
Lavasoft Ad-Aware SE -- Add-Ons.
But you may, or may not have to wait a little while as the site can sometimes dip out for a while.

SORRY...I DIDN'T READ IT PROPERLY :)
Logfile of HijackThis v1.98.2
Scan saved at 19:30:02, on 26/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.exe
C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
C:\WINDOWS\SYSTEM\GPLLOGDO.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PQSC\PROGRAM\SCTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.exe
C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.exe
C:\PROGRAM FILES\WINDOWS SYNCROAD\WINSYNC.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.exe
C:\WINDOWS\TEMP\TD_0005.DIR\HIJACKTHIS.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\GPLLOGDO.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c4b22ccc2604fce1eddde7bc1b05853a942c8f9076eec6a5aa4575c1fbbf031458e511937026819222e4fedad7609572eea12a2ae54ebe5fa2579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

By the way, I'm doing EVERYTHING you're telling me to do/download. Thanks for all your help so far. It's greatly appreciated.
I'll keep you updated as to the problem..but at the moment it's still there :(

AND HERE IS THE ABOUT:BUSTER LOG:
Scanned at: 19:41:01 on: 26/09/2004
-- Sc---
About:Buster Version 3.0
Reference List : 15
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Sc---
About:Buster Version 3.0
Reference List : 15
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

That's two logs I didn't want :)
Nevermind. Listen up...
1) Make sure you follow How to Show System Files.
2) You've unzipped HijackThis into a Temp folder. Assuming you've touched nothing then delete it and start again. This time extract it to somewhere like your Program Files.
3) Make sure you have downloaded and installed the VX2 plugin for Ad-Aware and make sure you run it. The instructions are at that link and on the program itself.
4) You do have spyware there, so I would also (if you can) go into add and remove programs and remove (uninstall) anything that you do NOT recognise or know exactly what it does.
Tip here: You have something called WINDOWS SYNCROAD in your program files. See if you can uninstall it via add and remove programs.
If you don't see it listed and can't uninstall -- don't worry.
5) Now post another HJT log file.

1) done the show system files thing.
2) ok done
3) ok done - It says that the system is clean.
4) Done. WINDOWS SYNCROAD was there and removed it.
5) HERE: What is a HJT log? Here's some kind of log anyway. There are 2 logs here. One from Ad-Aware, and the other from HiJackthis.
AD-AWARE:
Ad-Aware SE Build 1.05
Logfile Created on:26 September 2004 22:05:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
BargainBuddy(TAC index:8):1 total references
BlazeFind(TAC index:5):2 total references
CoolWebSearch(TAC index:10):1 total references
MRU List(TAC index:0):21 total references
Tracking Cookie(TAC index:3):8 total references
VX2(TAC index:10):9 total references
WinAD(TAC index:7):2 total references
WinFavorites(TAC index:6):2 total references
Winpup32(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
26-09-2004 22:05:33 - Scan started. (Full System Scan)
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:test@imrworldwide.com/cgi-bin
Expires : 24-09-2014 21:44:54
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@versiontracker[1].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:test@versiontracker.com/
Expires : 26-09-2006 14:51:38
LastSync : Hits:26
UseCount : 0
Hits : 26
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:test@fastclick.net/
Expires : 16-09-2006 21:49:06
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:test@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 25
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@versiontracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@versiontracker[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : test@fastclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\test@fastclick[2].txt
Object "W0030127.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS98.CAB
Category : Data Miner
Comment : Object "W0030127.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0034189.CPY" found in this archive.
BargainBuddy Object Recognized!
Type : File
Data : FS115.CAB
Category : Data Miner
Comment : Object "W0034189.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0016410.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS261.CAB
Category : Data Miner
Comment : Object "W0016410.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
Object "W0100477.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS449.CAB
Category : Data Miner
Comment : Object "W0100477.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\
VX2 Object Recognized!
Type : File
Data : 0641C4.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
VX2 Object Recognized!
Type : File
Data : 0639DE.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 0, 2, 1, 3
ProductVersion : 0, 2, 1, 3
CompanyName : ClickAlchemy
FileDescription : www.clickalchemy.com
LegalCopyright : Copyright © 2004
VX2 Object Recognized!
Type : File
Data : 0639F3.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
CoolWebSearch Object Recognized!
Type : File
Data : 064AFB.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
Winpup32 Object Recognized!
Type : File
Data : 06411E.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1.00.0009
ProductVersion : 1.00.0009
ProductName : werule
CompanyName : totempole
InternalName : pup
OriginalFilename : pup.exe
WinFavorites Object Recognized!
Type : File
Data : 0641C2.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright © 2003
OriginalFilename : a.exe
WinAD Object Recognized!
Type : File
Data : 064246.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
WinFavorites Object Recognized!
Type : File
Data : 064ADF.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1, 0, 0, 117
ProductVersion : 1, 0, 0, 117
ProductName : bridge Module
FileDescription : bridge Module
InternalName : bridge
LegalCopyright : Copyright 2003
OriginalFilename : bridge.DLL
VX2 Object Recognized!
Type : File
Data : 0639D0.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
VX2 Object Recognized!
Type : File
Data : 0639D5.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
VX2 Object Recognized!
Type : File
Data : 0639D7.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
ProductName : Twaintec
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : Twaintec.dll
Comments : www.twain-tech.com
Winpup32 Object Recognized!
Type : File
Data : 0639FF.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1.00.0009
ProductVersion : 1.00.0009
ProductName : werule
CompanyName : totempole
InternalName : pup
OriginalFilename : pup.exe
BlazeFind Object Recognized!
Type : File
Data : 063A01.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
BlazeFind Object Recognized!
Type : File
Data : 063A04.DAT
Category : Malware
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.
180Solutions Object Recognized!
Type : File
Data : 063A06.DAT
Category : Data Miner
Comment :
Object : c:\PQSC\CPS\00006A\FILES\001\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49
22:11:45 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:12.10
Objects scanned:73657
Objects identified:28
Objects ignored:0
New critical objects:28
----------------------
HIJACKTHIS:
Logfile of HijackThis v1.98.2
Scan saved at 22:13:34, on 26/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.exe
C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PQSC\PROGRAM\SCTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.exe
C:\PROGRAM FILES\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\GPLLOGDO.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c4b22ccc2604fce1eddde7bc1b05853a942c8f9076eec6a5aa4575c1fbbf031458e511937026819222e4fedad7609572eea12a2ae54ebe5fa2579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Hope this is NOW what you were after.
Thanks for your help.

Believe it or not, according to that, you are virtually clean. The only thing you need to do is boot into safe mode and in HijackThis put a checkmark next to ...
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c4b22ccc2604fce1eddde7bc1b05853a942c8f9076eec6a5aa4575c1fbbf031458e511937026819222e4fedad7609572eea12a2ae54ebe5fa2579ae9d9555d:520254c6ae31119456192437fc021adc
and
O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\GPLLOGDO.exe
and remove.
Then go into C:\WINDOWS\SYSTEM\ and find GPLLOGDO.exe and delete it (still in safe mode).
NOW, you'd better listen up because I'm not 100% sure about
O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\GPLLOGDO.exe
HJT keeps backups of the things you delete in it. That's why I wanted you to put it somewhere safe and sensible like the program files ;)
So you have a backup of that in HJT and when you delete GPLLOGDO.exe that will also be deleted to the recycle bin -- Keep it there! ...At least for a short while.
Now if you start getting problems with that (don't know what, unknown quantity - maybe connection / resolving issues) then simply go to the recycle bin and RESTORE the file from whence it came (C:\WINDOWS\SYSTEM\). You do that by right clicking the file in recycle bin and selecting - restore.
I think you should be good though. Report back ..
1) If it resolves your original problem, and 2) if it f---s with anything (It shouldn't do).
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Nick Relf,
Shall I take it you're struggling with this?
If so, post back for an explanation.
Although HJT is pretty straightforward.
You scan it, like you have done and put a checkmark next to what I've put and click remove. But make sure you follow the steps I put and take on board the advice I gave.
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

Ok, well here's your log you asked for.
Logfile of HijackThis v1.98.2
Scan saved at 11:21:35, on 27/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\NOTEPAD.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.btinternet.com:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
I've done everything you said, step-by-step and haven't come across the problem as yet.
Thanks for your help,
Nick_Relf
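A way to confirm that the two entries named for removal are gone from the later scan, as an added example that is not part of any post in this thread: it parses two HijackThis logs and lists what disappeared and what appeared between them. The function names are made up for this sketch, and the sample text is an excerpt of the logs above with the O16 URL abridged.

```python
import re

# Entry lines look like "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map a case-folded key to (section, detail) for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            section, detail = m.group(1), m.group(2).strip()
            entries[(section, detail.casefold())] = (section, detail)
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lists between an earlier and a later scan."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added

def still_present(after, markers):
    """Markers (file names, CLSIDs) that still occur in an entry of the later scan."""
    details = [d.casefold() for _, d in parse_entries(after).values()]
    return [m for m in markers if any(m.casefold() in d for d in details)]

# Excerpts of the two logs in this thread; the O16 URL is abridged with "...".
BEFORE = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\GPLLOGDO.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?...
"""
AFTER = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\EXPLORER.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    print("still present:", still_present(AFTER, ["GPLLOGDO.exe"]))
```

Entries that appear only in the later scan deserve the same reading as the ones that were removed, since a new autostart line is how a reinfection would show up.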

Nick - has the original problem been resolved ?
See the iDiOt walk
See the idiot TaLkWaLk IdIoT WaLk

It seems so, so far. I haven't had the search page when I open a window yet, but I'll let you know if things change.
Thanks for all your help.
