Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

cannot view websites win 98se

Post by targetone » May 2nd, 2005, 4:12 pm

Same story as most, tried removing malware and after 1/2 done lost ability to view web pages on IE, Navigator, etc. Friend's computer so can't do anything that would necessitate reinstalling software, losing info, etc. Already ran regrestore so would not do it again. Tried lspfix with no help there. Someone said something about deleting winsock2 and dun but this was for AOL user so some steps don't sound right?

Here is hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 3:57:26 PM, on 5/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARMON32A.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\VERIZONDSL\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\KTRJDLL.EXE
C:\WINDOWS\KTRJENC.EXE
C:\WINDOWS\SYSTEM\ELITEZDH32.EXE
C:\WINDOWS\SYSTEM\INSNTR.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\INSNTR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1991.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dell
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://verizondsl.nbci.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\attune_ce.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [byfufjvrzwfxddxqsruybkwk] C:\WINDOWS\jqwurmey.exe
O4 - HKLM\..\Run: [1W4P4M8I] \Progra~1\1W4P4M8I\1W4P4M8I.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE" /HideUninstall /HideDir /PC=CP.FHB /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [cbyh] C:\WINDOWS\cbyh.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JPScJIX] "C:\WINDOWS\SYSTEM\CABVIDDC.EXE"
O4 - HKLM\..\Run: [p4mX37S] CABVIDDC.EXE
O4 - HKLM\..\Run: [KTRJDLL] C:\WINDOWS\KTRJDLL.EXE
O4 - HKLM\..\Run: [KTRJENC] C:\WINDOWS\KTRJENC.EXE
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEZDH32.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARMon32a.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Y357RXe6j] AWRMSFT3.EXE
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\RunOnce: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {BAADCEA0-1CB8-11D4-951F-30614FC10000} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} (ContentCleanup3X Control) - http://www.contentwatch.com/cleanup/inc ... 3Proj1.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

THANKS FOR ANY HELP THAT WON'T mean reinstall.
targetone
Active Member
 
Posts: 4
Joined: April 29th, 2005, 3:25 pm

Post by Nellie2 » May 2nd, 2005, 4:57 pm

Did you say you deleted winsock2? Is it in your recycle bin? If yes then re-instate it and then run lspfix again, all you need to do is press the finish button.. nothing more.

I take it that you cannot access the internet? Let's clean up what we can see for the time being.

Run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked'

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [byfufjvrzwfxddxqsruybkwk] C:\WINDOWS\jqwurmey.exe
O4 - HKLM\..\Run: [1W4P4M8I] \Progra~1\1W4P4M8I\1W4P4M8I.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE" /HideUninstall /HideDir /PC=CP.FHB /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [cbyh] C:\WINDOWS\cbyh.exe
O4 - HKLM\..\Run: [AutoLoaderpz5d1JPScJIX] "C:\WINDOWS\SYSTEM\CABVIDDC.EXE"
O4 - HKLM\..\Run: [p4mX37S] CABVIDDC.EXE
O4 - HKLM\..\Run: [KTRJDLL] C:\WINDOWS\KTRJDLL.EXE
O4 - HKLM\..\Run: [KTRJENC] C:\WINDOWS\KTRJENC.EXE
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEZDH32.EXE
O4 - HKCU\..\Run: [Y357RXe6j] AWRMSFT3.EXE
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - HKCU\..\RunOnce: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Then reboot into safe mode, you may have to enable hidden files and folders and delete the following;

C:\WINDOWS\EliteToolBar <--- folder
C:\PROGRAM FILES\CXTPLS <---- folder
C:\Program Files\E2G <--- folder
C:\WINDOWS\SYSTEM\winupdt.exe
C:\WINDOWS\jqwurmey.exe
C:\WINDOWS\TEMP\~COMPOUNDINST0\ <--- folder
C:\WINDOWS\cbyh.exe
C:\WINDOWS\SYSTEM\CABVIDDC.EXE
C:\WINDOWS\KTRJDLL.EXE
C:\WINDOWS\KTRJENC.EXE
C:\WINDOWS\SYSTEM\ELITEZDH32.EXE
C:\WINDOWS\SYSTEM\INSNTR.exe
C:\Progra~1\1W4P4M8I <--- folder

You will need to search for these files too as I don't have the path for them;

CABVIDDC.EXE
AWRMSFT3.EXE
AUNPS2.DLL

Reboot back to normal mode and post a fresh hijack log and give me an update on performance and web connectivity please
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

no winsock was deleted

Post by targetone » May 2nd, 2005, 5:57 pm

Thanks, I tried the hijack this fixes. Most programs were not found to delete even with hidden files in view:

C:Windows\Elite Toolbar can't be found
C:\Program Files\E2Give not found
C:\Win\system\winupdt.exe
C:\windows\jqwurmey.exe (only applog jqwurmey.lgc)
C:windows\Tmp\~compoundinsto (only files in Temp are is-uv5ou.tmp, vbe and xscanresult)
C:win\cbyh.exe not found
C:win\system cabviddc.exe not found
awrmsft3.exe not found

Also the Add/remove program does not get rid of E2Give plug in and Elite Bar IE toolbar.

Still can't view web pages, I did not delete winsock, just ran lspfix but did not help and now nothing comes up in windows to add or remove.
Here is hijack:

Logfile of HijackThis v1.99.1
Scan saved at 5:50:44 PM, on 5/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARUPLD32.EXE
C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARMON32A.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\VERIZONDSL\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1991.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dell
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://verizondsl.nbci.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\attune_ce.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARMon32a.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {BAADCEA0-1CB8-11D4-951F-30614FC10000} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} (ContentCleanup3X Control) - http://www.contentwatch.com/cleanup/inc ... 3Proj1.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

Thanks again, you are the first very helpful person I have found, my friend is going nuts as he thinks I will destroy his computer.
targetone
Active Member
 
Posts: 4
Joined: April 29th, 2005, 3:25 pm
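
Comparing the first and second HijackThis logs in this thread shows which of the entries selected for "fix checked" are gone and which are still registered. The script below is an added example, not part of the original posts or of HijackThis itself; the line-matching rule is an assumption based on the log lines shown above, and the three sample texts are short excerpts constructed from those logs.

```python
import re

# Entry lines start with a section code (R1, N1, O2, O4, O16, ...) followed by
# " - " and the entry body. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map (section, normalised body) -> original line for every log entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # Win9x paths and registry names are case-insensitive, so compare
        # case-folded text with whitespace runs collapsed.
        body = " ".join(m.group(2).split()).lower()
        entries.setdefault((m.group(1), body), line)
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Classify each entry selected for fixing by what the later log shows."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    selected = parse_entries(fix_list)
    report = {"removed": [], "still_present": [], "not_in_before": [], "new": []}
    for key, line in selected.items():
        if key in after:
            report["still_present"].append(line)   # fix did not stick
        elif key in before:
            report["removed"].append(line)         # gone from the later log
        else:
            report["not_in_before"].append(line)   # mistyped or wrong log
    # Entries that appear only in the later log deserve a second look.
    report["new"] = [l for k, l in after.items() if k not in before]
    return report


# Constructed excerpts of the logs and the fix list posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\INSNTR.EXE
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [cbyh] C:\WINDOWS\cbyh.exe
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - HKCU\..\RunOnce: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
"""

FIX_LIST = r"""
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [cbyh] C:\WINDOWS\cbyh.exe
O4 - HKCU\..\Run: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
O4 - HKCU\..\RunOnce: [INSNTR] C:\WINDOWS\SYSTEM\INSNTR.exe
"""

if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, FIX_LIST)
    for status, lines in result.items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```
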

spyware doctor

Post by targetone » May 2nd, 2005, 8:22 pm

Here is spyware doctor log: If this helps
Spyware Doctor Activity Report
Generated on 5/2/05 5:50:30 PM


Scans (basic information only):

Scan Results:
scan start: 5/2/05 7:45:12 PM
scan stop: 5/2/05 7:48:36 PM
scanned items: 52121
found items: 239
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner



NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32 High
NewDotNet HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib High
Search3 Toolbar HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser##{4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} Medium
Search3 Toolbar C:\WINDOWS\Downloaded Program Files\search3.dll Medium
Zestyfind (Unknown Hijacker) C:\WINDOWS\Favorites\links\Search the Web.URL Medium
Zestyfind (Unknown Hijacker) C:\WINDOWS\Favorites\links\Web Search.URL Medium
EnhanceMySearch C:\WINDOWS\Helper101.dll Elevated
Prutect C:\WINDOWS\pi1.exe Medium
Common Components for Searchmiracle items C:\WINDOWS\SYSTEM\eliteaxe32.exe Medium
BullsEye.eXact Advertising.Bargain Buddy C:\WINDOWS\SYSTEM\netut80ex.vxd Elevated
AdDestroyer C:\WINDOWS\SYSTEM\PopOops.dll Medium
AdDestroyer C:\WINDOWS\SYSTEM\PopOops2.dll Medium
BrAid/Stlb2 C:\WINDOWS\SYSTEM\stlb2.xml Medium
AdDestroyer C:\WINDOWS\SYSTEM\SWLAD1.dll Medium
AdDestroyer C:\WINDOWS\SYSTEM\SWLAD2.dll Medium
BullsEye.eXact Advertising C:\WINDOWS\SYSTEM\VX0.NLS Elevated
Cydoor C:\WINDOWS\temp\cd_clint.dll Medium
Trojan/Stubby C:\WINDOWS\INF\FARMMEXT.INF Medium
WinTools C:\WINDOWS\Temporary Internet Files\Content.IE5\EVCRSBEV\WToolsD[1].cab Elevated
Elite Sidebar C:\WINDOWS\Temporary Internet Files\Content.IE5\AOS0G3UZ\sideb[2].exe Medium
MediaPass C:\RECYCLED\DC30.DLL High
MediaPass C:\RECYCLED\DC31\MediaPass[1].exe High
MediaPass C:\RECYCLED\DC32.EXE High
NewDotNet C:\RECYCLED\DC33.EXE High
BullsEye.eXact Advertising.Bargain Buddy C:\RECYCLED\DC48.VXD Elevated

Scan Results:
scan start: 5/2/05 7:48:58 PM
scan stop: 5/2/05 7:52:05 PM
scanned items: 52141
found items: 239
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner





Other Sections:
Copyright © 2003-2005. Distributed by PC Tools. Legal Notice
targetone
Active Member
 
Posts: 4
Joined: April 29th, 2005, 3:25 pm

Unread postby Nellie2 » May 3rd, 2005, 4:35 pm

Do you have the W98 setup disk? Put it in the CD drive and then go to Start > Run and type sfc, then OK.

Windows will search for any missing or corrupt files and replace them.

When you have done that, could you go here

http://www.simplytech.it/ETRemover/

Read the instructions and download and run the Elite Toolbar remover.

I would also like you to download and run both Ad-Aware and Spybot.

--------------------------------------

Download and Install Ad-Aware SE from here, keeping the default options. However, some of the settings will need to be changed before your first scan

Close ALL windows except Ad-Aware SE

Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check and make Green: Include Module list in logfile


Click on ‘Proceed’ to save the settings.

Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

If Ad-Aware SE finds bad entries in the registry or bad files, you will receive a list of what it found in the window

Save the log file when it asks and then click ‘finish’

REBOOT to complete the removal of what Ad-Aware SE found

-------------------------------------------

Download and Install Spybot S&D from here, accepting the Default Settings

In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
Close ALL windows except Spybot S&D

Click the button to ‘Search for Updates’ then download and install the Updates.

Next click the button ‘Check for Problems'

When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window.

Make certain there is a check mark beside all of the RED entries ONLY.

Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

REBOOT to complete the scan and clear memory.

Then post me a fresh hijack log with an update on how things are now
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

thank you

Unread postby targetone » May 4th, 2005, 11:44 am

Gave the computer back to my friend after I put back winsock 2 by deleting it and unchecking communications dial up and rebooting. This worked to get machine back online. I will be back in town in two weeks and will run the course that you suggested in your post on his machine and let you know how it worked.

Thank you for all of your time and efforts on this, I think it is great that you volunteer your time like this to help people like me. The fact that these malware programs can slow down or damage people's computers like this makes it seem like there should be some legal remedy if there are things being downloaded that people did not request explicitly.

Thanks again for all of your help. I am a former private investigator and if you need any help that I could provide I would like to return the favor.

Mark
targetone
Active Member
 
Posts: 4
Joined: April 29th, 2005, 3:25 pm

Unread postby Nellie2 » May 4th, 2005, 4:13 pm

You are welcome Mark, thanks for the offer, and don't forget to give us an update on how things are with your friend's machine. I wouldn't normally post the following until I know the machine is clean, but perhaps you or your friend would like to have a look at this information in the meantime. After all, our goal is not just to get you clean but to educate you too.

Please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Unread postby ChrisRLG » May 20th, 2005, 3:14 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK