need help please

Discussion in 'Windows - Virus and spyware problems' started by mymaxxy, Sep 23, 2006.

  1. mymaxxy

    mymaxxy Member

    Joined:
    Sep 23, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    11
    mymaxxy, you're running HijackThis from a temporary folder. Please go to Add/Remove Programs and uninstall HijackThis. Then, download the zip file again to the desktop. Create a folder in C: named HjT. Extract the HijackThis.exe to the created folder. Run a new scan and save a new log. I don't see that you have Myzor so please make a new thread pertaining to your problems to avoid confusion.



    Sorry to sound stupid, but can you please tell me how to do the above? How do I get it to download to the desktop? Pulling my hair out here with frustration.
    thanks
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Sorry.

    HijackThis <--click the link and download it to the desktop.

    lol, that one isn't working. Just click any HijackThis name with the blue hyperlink.
     
    Last edited: Sep 23, 2006
  3. mymaxxy

    mymaxxy Member

    hope done right lol


    Logfile of HijackThis v1.99.1
    Scan saved at 11:30:31 AM, on 9/24/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
    C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYAU
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab

     
  4. Niobis

    Niobis Active member

    Yes, thank you.

    Go here and download the trial version of Ewido.
    Install and update.
    Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu).
    Open Ewido and click Scanner.
    Run a Complete system scan.
    When it finishes, set all items to quarantine and click "Apply all actions."
    Then click "Save Report". (Save to desktop, you will need it.)
    Close Ewido.
    Restart in normal mode.

    Run a scan only with HijackThis, check the box beside each of these.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)

    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxdm414YYAU

    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab

    Close all windows except HijackThis and click Fix checked.
    Reopen HijackThis.
    Click on Open the Misc Tools section.
    Click on Open uninstall manager.
    Press the Save list button. It will open a Notepad file.
    Save the list to the desktop.
    Run a new scan with HijackThis and save a new log.

    Post the HijackThis log, HijackThis uninstall list and the Ewido report.
     
  5. mymaxxy

    mymaxxy Member

    I only have Windows 98 so it won't let me download that program.
     
  6. Niobis

    Niobis Active member

    That's ok, sorry about that. I saw you had 98 but I forgot. Just continue with the rest of the instructions.
     
  7. mymaxxy

    mymaxxy Member

    Logfile of HijackThis v1.99.1
    Scan saved at 1:07:44 PM, on 9/24/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
    C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
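
A way to check the two HijackThis logs in this thread against each other (added example, not part of the original posts): it parses the entry lines of the log taken before "Fix checked" and the one taken after, and confirms that every entry that was ticked is gone and that nothing else changed. The function names are hypothetical, and the sample lines are a subset copied from the two logs above.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Sample input: a subset of entry lines copied from the first log in the thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYAU
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

# The six entries the helper asked to tick (O8 quoted in full from the log,
# because the helper's post shows its URL shortened).
TO_FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYAU
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
"""

# The same subset as it appears in the second log, saved after the fix.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""


def parse_entries(log_text):
    """Return (code, detail) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registered file is missing, which HijackThis marks '(no file)'."""
    return [entry for entry in entries if entry[1].endswith("(no file)")]


def verify_fix(before_text, after_text, to_fix_text):
    """Compare a before/after pair of logs against the list of entries to fix."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    to_fix = set(parse_entries(to_fix_text))
    return {
        # Ticked entries that survived the fix and need another look.
        "still_present": [e for e in before if e in to_fix and e in after_set],
        "removed_as_asked": [e for e in before if e in to_fix and e not in after_set],
        # Entries that disappeared although nobody asked for them to be fixed.
        "removed_unasked": [e for e in before if e not in to_fix and e not in after_set],
        # Entries that only exist in the second log.
        "new": [e for e in after if e not in before_set],
    }


if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, TO_FIX)
    for key, entries in result.items():
        print(f"{key}: {len(entries)}")
        for code, detail in entries:
            print(f"  {code} - {detail}")
    print("orphaned before fix:", [code for code, _ in orphaned(parse_entries(BEFORE))])
```
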

     
  8. mymaxxy

    mymaxxy Member

    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe SVG Viewer 3.0
    Alcatel SpeedTouch USB Software
    Art Explosion Greeting Card Factory
    Art Explosion Scrapbook Factory Deluxe
    CCleaner (remove only)
    CleanUp!
    Delete Windows 98 Second Edition uninstall information
    Hallmark Card Studio 2 Standard
    HijackThis 1.99.1
    Hoyle Mahjong Tiles
    HP Photo and Imaging 1.0 - PSC 2000 Series
    hp psc 2100 series
    ICatch (VI) PC Camera
    IncrediMail Xe
    Internet Explorer Q916281
    Macromedia Flash Player
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft Data Access Components KB870669
    Microsoft Digital Image Pro 7.0
    Microsoft Office 97, Professional Edition
    Microsoft Outlook Express 6
    Microsoft VGX Q833989
    Microsoft Windows 98 Starts Here
    Microsoft Windows Critical Update Notification
    Microsoft XML Parser and SDK
    MSN Messenger 7.0
    Nero - Burning ROM
    Outlook Express Q837009
    Pattern Maker Viewer - v4
    Picasa 2
    Picture Package
    QuickTime
    SiS 650
    SiS Audio Driver
    Sony USB Driver
    Trend Micro PC-cillin Internet Security 2005
    Uninstall Windows 98 Second Edition
    USB FLASH DRIVE 2.0
    USB MassStorage CardReader
    Windows 98 KB891711 Update
    Windows 98 KB896358 Update
    Windows 98 KB908519 Update
    Windows 98 KB918547 Update
    Windows 98 Q823559 Update
    Windows 98 Q888113 Update
    Windows Media Player system update (9 Series)
    WinZip
    WinZip Self-Extractor

     
  9. Niobis

    Niobis Active member

    Ok, good. Your log is clean. What problems are you having, if any?

    Go here and run ActiveScan. When it finishes, save the results and post them here.
     
  10. mymaxxy

    mymaxxy Member

    Real-time Scan
    Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.

    Infected file: C:\WINDOWS\DOWNLOADED PROGRAM FILES\HBINSTIE.DLL
    Virus name: ADW_HOTBAR.Q
    User name: Kylie H
    Scan action result: Denied Access.


    This keeps coming up. I have been unable to find it and delete it.
     
  11. mymaxxy

    mymaxxy Member

    Incident Status Location

    Adware:Adware/Block-checker Not disinfected C:\WINDOWS\SYSTEM\navshext1.dll
    Adware:adware/block-checker Not disinfected C:\WINDOWS\SYSTEM\ustart.exe
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe
    Adware:Adware/Trymedia Not disinfected C:\Downloads\BEJEWELEDSETUP-DM[1].EXE
    Adware:Adware/Trymedia
     
  12. Niobis

    Niobis Active member

    Go here and download Spybot Search and Destroy. When installing click Check for update immediately.

    After installing Spybot will open, click Search for Updates.
    After update click Scan for problems.
    When it finishes, click Fix Problems.
    The log will go here: C:\Windows\Application Data\Spybot - Search & Destroy\Logs
    Its name will be Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm; if you have both, just post the Fixes.
     
  13. mymaxxy

    mymaxxy Member

    Incident Status Location

    Adware:adware/block-checker Not disinfected c:\windows\system\ustart.exe
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Adware:adware/msxmidi Not disinfected c:\windows\msxmidi.exe
    Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_98.exe
    Adware:adware/ncase Not disinfected c:\program files\180Search Assistant
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Adware:Adware/Block-checker Not disinfected C:\WINDOWS\SYSTEM\navshext1.dll
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\kylie h@serving-sys[1].txt
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe
    Adware:Adware/Trymedia Not disinfected C:\Downloads\BEJEWELEDSETUP-DM[1].EXE
    Adware:Adware/Trymedia Not disinfected C:\Downloads\YAHTZEE_SETUP-DM[1].EXE
    2nd scan
     
  14. mymaxxy

    mymaxxy Member


    --- Report generated: 2006-03-12 23:50 ---

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

    FunWebProducts: Settings (Registry value, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler.1

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar.1

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager.1

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager

    FunWebProducts: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager.1

    FunWebProducts: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

    FunWebProducts: Program directory (Directory, fixed)
    C:\Program Files\FunWebProducts\

    FunWebProducts: Settings (Registry key, fixed)
    HKEY_USERS\.DEFAULT\Software\Fun Web Products

    eAcceleration: Library (File, fixed)
    C:\WINDOWS\SYSTEM\sporder.dll

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}

    Hotbar: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}

    Hotbar: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}

    Hotbar: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\HbTools

    Hotbar: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

    Hotbar: IE toolbar (Registry value, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

    Hotbar: Program directory (Directory, fixed)
    C:\WINDOWS\Application Data\HbTools\v3.0\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\HbTools\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\HbTools\bin\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\HbTools_Icons\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\ShopperReports\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\ShopperReports\Bin\

    Hotbar: Program directory (Directory, fixed)
    C:\Program Files\ShopperReports\Bin\1.0.8.0\

    Hotbar: Data (File, fixed)
    C:\WINDOWS\Downloaded Program Files\HbTools.inf

    MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
    HKEY_USERS\.DEFAULT\Software\MyWebSearch

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin.1

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller

    MyWay.MyWebSearch: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1

    MyWay.MyWebSearch: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

    MyWay.MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}

    MyWay.MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}

    MyWay.MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}

    MyWay.MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

    MyWay.MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

    MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

    MyWay.MyWebSearch: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWay.MyWebSearch: Program directory (Directory, fixing failed)
    C:\Program Files\MyWebSearch\

    MyWay.MyWebSearch: Link (File, fixed)
    C:\WINDOWS\Start Menu\Programs\StartUp\MyWebSearch Email Plugin.lnk

    MyWay.MyWebSearch: Program file (File, fixed)
    C:\WINDOWS\SYSTEM\Popular Screensavers.scr

    MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: Library (File, fixed)
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    MyWay.MyWebSearch: Library (File, fixed)
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    NewDotNet: Executable (File, nothing done)
    C:\WINDOWS\NDNuninstall6_38.exe

    NewDotNet: Executable (File, fixed)
    C:\WINDOWS\NDNuninstall6_90.exe

    NewDotNet: <$WINSOCK> (Winsock, fixed)


    NewDotNet: Program directory (Directory, fixing failed)
    C:\Program Files\NewDotNet\

    NewDotNet: User settings (Registry key, fixed)
    HKEY_USERS\.DEFAULT\Software\new.net

    Alexa Related: Link (Replace file, fixed)
    C:\WINDOWS\Web\RELATED.HTM

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.2

    FunWeb: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.1

    FunWeb: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton.1

    FunWeb: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl

    FunWeb: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1

    FunWeb: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

    FunWeb: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

    FunWeb: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

    FunWeb: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    FunWeb: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\FunWebProducts

    FunWeb: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

    webHancer: <$WINSOCK> (Winsock, fixed)


    webHancer: System file (File, fixed)
    C:\WINDOWS\webhdll.dll

    webHancer: Program directory (Directory, fixing failed)
    C:\Program Files\webHancer\

    MyWebSearch: Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

    MyWebSearch: Interface (Registry key, fixed)
    HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

    MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}

    MyWebSearch: Type library (Registry key, fixed)
    HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}

    MyWebSearch: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers

    Hotbar: Interface (IHbStats) (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}

    Hotbar: Interface (IHbMapiAddrBook) (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}

    Avenue A, Inc.: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)


    DoubleClick: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)


    FastClick: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2006-03-12 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 SDHELPER.DLL (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-03-10 Includes\Cookies.sbi (*)
    2006-03-10 Includes\Dialer.sbi (*)
    2006-03-10 Includes\Hijackers.sbi (*)
    2006-03-10 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-03-10 Includes\Malware.sbi (*)
    2006-03-10 Includes\PUPS.sbi (*)
    2006-03-10 Includes\Revision.sbi (*)
    2006-03-10 Includes\Security.sbi (*)
    2006-03-10 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-03-10 Includes\Trojans.sbi (*)

     
  15. Niobis

    Niobis Active member

    Just saw the Spybot log. Edited all these directions until I can review the log.

    OK, more infection than I thought.

    Find these folders and delete them.

    C:\Program Files\MyWebSearch\
    C:\Program Files\180Search Assistant

    Go here and download KillBox.

    Note: you may want to print these instructions or copy them to Notepad; you will be in safe mode and can't access the internet.

    Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
    Open Killbox.exe.
    Check "Standard File Kill".
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click the red X button after you enter each file.
    You will be prompted to confirm, click Yes.

    Note: KillBox may prompt "File does not seem to exist". If so, continue with next file. Please do not miss any.

    C:\WINDOWS\SYSTEM\navshext1.dll
    C:\WINDOWS\SYSTEM\ustart.exe
    c:\windows\msxmidi.exe
    C:\WINDOWS\NDNuninstall6_98.exe
    C:\WINDOWS\NDNuninstall7_14.exe
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\HBINSTIE.DLL
    C:\Downloads\BEJEWELEDSETUP-DM[1].EXE ONLY if you didn't download it.
    C:\Downloads\YAHTZEE_SETUP-DM[1].EXE ONLY if you didn't download it.

    Go here and download CCleaner. Install and run both the cleaner and the issues fix (when prompted to back up the registry, click Yes). I recommend you keep CCleaner because it is a great Windows cleaning tool.

    And lastly, run ActiveScan again. Hopefully it will come out clean, but if not, post the results.

    Post a new HijackThis log even if ActiveScan doesn't find anything.
     
    Last edited: Sep 23, 2006
  16. mymaxxy

    mymaxxy Member

    Logfile of HijackThis v1.99.1
    Scan saved at 7:25:37 PM, on 9/24/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\RunServices: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

     
  17. mymaxxy

    mymaxxy Member


    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Adware:Adware/Block-checker Not disinfected C:\!KillBox\navshext1.dll
    Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_98.exe
    Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_14.exe
    Adware:Adware/Trymedia Not disinfected C:\!KillBox\BEJEWELEDSETUP-DM[1].EXE
    Adware:Adware/Trymedia
     
  18. Niobis

    Niobis Active member

    Edit: was typing while you posted the ActiveScan results.
     
    Last edited: Sep 24, 2006
  19. mymaxxy

    mymaxxy Member

    this is active scan


    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Adware:Adware/Block-checker Not disinfected C:\!KillBox\navshext1.dll
    Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_98.exe
    Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_14.exe
    Adware:Adware/Trymedia Not disinfected C:\!KillBox\BEJEWELEDSETUP-DM[1].EXE
    Adware:Adware/Trymedia
     
  20. Niobis

    Niobis Active member

    Yeah, there was a pause between posting them. I was editing my post after I saw it.

    Delete the KillBox backups and log folder located here: C:\!KillBox.

    Look here: c:\windows\downloaded program files for f3initialsetup1.0.0.15.inf. When found, delete it. If access is denied, open KillBox (normal mode is fine), paste this: c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf and click the red X. Tell me if you or KillBox was able to delete it.

    Click Start > Run > type regedit and press enter. Click File > Export and save it.

    Expand HKEY_CLASSES_ROOT. Find CLSID and expand it. Find {9AFB8248-617F-460d-9366-D71CDEDA3179} and delete it.

    Click Start > Search. Search all files and folders in C:\ for "trymedia" without the "". If the folder is found, delete it.

    You're clean after that.

    Edit: missed the inf file.
     
    Last edited: Sep 24, 2006
