Help! Netsearchsoft - my log
mrbiffo
Like everyone, I've been stuffed by netsearchsoft.com. If anyone can help with this, I'd be hugely grateful. My email address is * EDITED BY FATSGORDON TO AVOID FURTHER PROBLEMS *.

Many thanks.

Logfile of HijackThis v1.97.7
Scan saved at 11:05:25, on 05/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\sysupd.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\TransModePure\ANTEWMA.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\AOL 8.0a\aoltray.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\Rar$EX04.094\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/in...oogle.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TEAM LOAD] C:\PROGRA~1\TransModePure\ANTEWMA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci...insctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me...Client.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg...cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{499A9374-DD93-496E-8AC1-2CE13776C821}: NameServer = 217.35.209.180 194.74.65.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E326849-FCC4-4F32-9A7B-A9307E3DFFF5}: NameServer = 205.188.146.146

Email addys are edited because spammers happen to browse sites in search of emails. It's good practice to keep your email addy private.
FatsGordon
Hi mrbiffo, and welcome to the forum!

Please download and run Ad-aware. You can find links for downloading Ad-aware in my signature. Once downloaded and installed, please press the World icon and update it (as of today, the reference file is 01R302). It is VERY important that you update it, because it comes with a default (and old) reference file.

Then go to Settings (the gear icon at the top) and then *Scanning* and checkmark these items so they will be green:

Scan within archives
Scan my IE Favorites for banned URLS
Scan my hosts file

Then click *proceed* to save settings.

Click on *Tweak* next. And checkmark to make this green also:

Automatically try to unregister objects prior to deletion

Click on *proceed*

Next, from the main screen, click on *Start* (lower righthand corner) and put a dot in the box next to *use Custom scanning options*, then click *Next* to start your scan.

Checkmark any items found after scanning to remove (this will actually put them in quarantine, and they can be recovered from backup if any should not be removed).

Reboot your PC after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.

HTH :thumb:
FatsGordon
And also please make sure to visit at least two of the following online antivirus scanners:

http://housecall.antivirus.com/

http://www.pandasoftware.es/activescan/activescan-com.asp

http://security.symantec.com/

You may find something there. If you do, have the AV delete them.

After all this, please reboot (always) and post a fresh HT log.

Thank you!
mrbiffo
Thanks for the advice.

Well... have done all that you suggest, and Ad-Aware is no longer coming up with any potentially nasty files. However, Netsearchsoft.com is STILL popping up whenever I open Internet Explorer. How do I get rid of this thing?

Would appreciate any further help. Here's my new log:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :06 May 2004 11:55:18
Created with Ad-aware Personal, free for private use.
Using reference-file :01R302 03.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file


06-05-2004 11:55:18 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06-05-2004 10:49:12
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06-05-2004 10:49:16
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-05-2004 10:49:17
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:20
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-05-2004 10:49:17
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:02
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-05-2004 10:49:17
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:24
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:49:17
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:24
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-05-2004 10:49:19
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 27/08/2003 16:38:55
Last accessed : 06/05/2004 10:52:44
Last modified : 29/08/2002 13:00:00

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-05-2004 10:49:19
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:23
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:9 [ceepwrsvc.exe]
FilePath : C:\Program Files\TOSHIBA\Power Management\
ThreadCreationTime : 06-05-2004 10:49:19
BasePriority : Normal
FileSize : 72 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeEPwrSvc Module
InternalName : CeEPwrSvc
OriginalFilename : CeEPwrSvc.EXE
ProductName : CeEPwrSvc Module
Created on : 11/07/2003 11:18:46
Last accessed : 06/05/2004 10:18:03
Last modified : 11/07/2003 11:18:46

#:10 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 06-05-2004 10:49:19
BasePriority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 11/04/2004 13:05:12
Last accessed : 06/05/2004 10:18:09
Last modified : 08/08/2003 17:04:38

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:49:20
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 27/08/2003 16:39:24
Last accessed : 06/05/2004 10:18:03
Last modified : 29/08/2002 13:00:00

#:12 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-05-2004 10:49:20
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 17/02/2004 17:38:42
Last accessed : 06/05/2004 10:18:04
Last modified : 13/05/2003 11:57:46

#:13 [mcvsshld.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 06-05-2004 10:49:21
BasePriority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 11/04/2004 13:05:12
Last accessed : 06/05/2004 10:53:07
Last modified : 17/08/2003 20:50:34

#:14 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 06-05-2004 10:49:21
BasePriority : Normal
FileSize : 404 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 11/04/2004 13:05:23
Last accessed : 06/05/2004 10:18:04
Last modified : 28/09/2003 12:47:00

#:15 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 06-05-2004 10:49:23
BasePriority : High
FileSize : 220 KB
Created on : 11/04/2004 13:05:08
Last accessed : 06/05/2004 10:18:09
Last modified : 13/03/2002 07:50:34

#:16 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:52:37
BasePriority : Normal
FileSize : 152 KB
FileVersion : 3.0.0.2172
ProductVersion : 7.0.0.2172
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
OriginalFilename : IGFXTRAY.EXE
ProductName : Intel® Common User Interface
Created on : 27/08/2003 09:16:40
Last accessed : 06/05/2004 10:51:06
Last modified : 29/05/2003 15:26:48

#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:52:38
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3.0.0.2172
ProductVersion : 7.0.0.2172
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 27/08/2003 09:16:40
Last accessed : 06/05/2004 10:52:38
Last modified : 29/05/2003 15:14:24

#:18 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 06-05-2004 10:52:41
BasePriority : Normal
FileSize : 148 KB
FileVersion : 5.3.10.166
ProductVersion : 5.3.10.166
Copyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
OriginalFilename : Apoint.exe
ProductName : Alps Pointing-device Driver
Created on : 27/08/2003 10:15:56
Last accessed : 06/05/2004 10:52:41
Last modified : 18/06/2003 12:44:06

#:19 [cepmtray.exe]
FilePath : C:\Program Files\TOSHIBA\Power Management\
ThreadCreationTime : 06-05-2004 10:52:43
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 0, 0, 26
ProductVersion : 1, 0, 0, 26
Copyright : Copyright 2003 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeTray MFC Application
InternalName : CeTray
OriginalFilename : CeTray.EXE
ProductName : CeTray Application
Created on : 23/07/2003 17:03:58
Last accessed : 06/05/2004 10:52:42
Last modified : 23/07/2003 17:03:58

#:20 [cpldbl10.exe]
FilePath : C:\Program Files\EzButton\
ThreadCreationTime : 06-05-2004 10:52:49
BasePriority : Normal
FileSize : 200 KB
FileVersion : 1.53
ProductVersion : 1.53
Copyright : Copyright
CompanyName : Dritek System Inc.
FileDescription : Compal BTS88 Easy Button ( Multi-Language )
InternalName : CPLBTS88
OriginalFilename : CPLBTS88.exe
ProductName : Dritek System Inc. CPLBTS88 12.25.2002 ( VC60 )
Created on : 03/07/2003 18:34:44
Last accessed : 06/05/2004 10:52:49
Last modified : 03/07/2003 18:34:44

#:21 [ceekey.exe]
FilePath : C:\Program Files\TOSHIBA\E-KEY\
ThreadCreationTime : 06-05-2004 10:52:51
BasePriority : Normal
FileSize : 624 KB
FileVersion : 2, 0, 0, 18
ProductVersion : 2, 0, 0, 18
Copyright : Copyright 2003 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : E_Key
OriginalFilename : CeEKey.EXE
ProductName : EKey Application
Created on : 29/07/2003 15:19:48
Last accessed : 06/05/2004 10:52:51
Last modified : 29/07/2003 15:19:48

#:22 [tptray.exe]
FilePath : C:\Program Files\TOSHIBA\TouchPad\
ThreadCreationTime : 06-05-2004 10:52:52
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1, 0, 0, 11
ProductVersion : 1, 0, 0, 11
Copyright : Copyright 2002 Compal Electronic Inc.
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
OriginalFilename : TPTray.EXE
ProductName : TPTray Application
Created on : 18/07/2003 14:24:08
Last accessed : 06/05/2004 10:52:52
Last modified : 18/07/2003 14:24:08

#:23 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ThreadCreationTime : 06-05-2004 10:52:53
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
Copyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
OriginalFilename : ApntEx.exe
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
Created on : 27/08/2003 10:15:56
Last accessed : 06/05/2004 10:52:53
Last modified : 26/02/2003 08:08:42

#:24 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ThreadCreationTime : 06-05-2004 10:52:53
BasePriority : Normal
FileSize : 25 KB
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 17/02/2004 17:37:51
Last accessed : 06/05/2004 10:53:05
Last modified : 17/02/2004 17:37:51

#:25 [p2p networking.exe]
FilePath : C:\WINDOWS\System32\P2P Networking\
ThreadCreationTime : 06-05-2004 10:52:55
BasePriority : Normal
FileSize : 457 KB
FileVersion : 1, 24, 0, 91
ProductVersion : 1, 24, 0, 91
Copyright : Copyright
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
OriginalFilename : P2P Networking.exe
ProductName : P2P Networking
Created on : 17/02/2004 17:57:11
Last accessed : 06/05/2004 10:52:55
Last modified : 17/02/2004 17:57:09

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 06-05-2004 10:52:57
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 18/02/2004 11:24:51
Last accessed : 06/05/2004 10:52:57
Last modified : 18/02/2004 11:24:51

#:27 [gsicon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:52:58
BasePriority : Normal
FileSize : 88 KB
FileVersion : 3.1.1
ProductVersion : 3.1.1
Copyright : Copyright
CompanyName : BT, Inc.
FileDescription : DSL Modem Monitor
InternalName : GSICON.EXE
OriginalFilename : GSICON.EXE
ProductName : BT Voyager ADSL Modem
Created on : 09/03/2004 00:00:33
Last accessed : 06/05/2004 10:52:58
Last modified : 24/04/2002 19:04:24

#:28 [dslagent.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 06-05-2004 10:52:59
BasePriority : Normal
FileSize : 16 KB
Created on : 09/03/2004 00:00:32
Last accessed : 06/05/2004 10:52:58
Last modified : 02/05/2002 13:45:42

#:29 [opware32.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE\
ThreadCreationTime : 06-05-2004 10:53:03
BasePriority : Normal
FileSize : 48 KB
FileVersion : 11.0
ProductVersion : 11.0
Copyright : Copyright
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
OriginalFilename : Opware32.exe
ProductName : OmniPage SE
Created on : 03/06/2002 11:38:12
Last accessed : 06/05/2004 10:53:02
Last modified : 03/06/2002 11:38:12

#:30 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ThreadCreationTime : 06-05-2004 10:53:09
BasePriority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 11/04/2004 13:04:50
Last accessed : 06/05/2004 10:53:09
Last modified : 08/12/2003 14:38:52

#:31 [antewma.exe]
FilePath : C:\PROGRA~1\TransModePure\
ThreadCreationTime : 06-05-2004 10:53:14
BasePriority : Normal
FileSize : 228 KB
Created on : 19/04/2004 08:16:06
Last accessed : 06/05/2004 10:53:14
Last modified : 19/04/2004 08:16:03

#:32 [wtoolsa.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 06-05-2004 10:53:18
BasePriority : Normal
FileSize : 429 KB
Created on : 01/05/2004 11:20:15
Last accessed : 06/05/2004 10:53:33
Last modified : 30/04/2004 09:50:50

#:33 [popups~1.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ThreadCreationTime : 06-05-2004 10:53:21
BasePriority : Normal
FileSize : 496 KB
FileVersion : 1, 60, 0, 1002
ProductVersion : 1, 60, 0, 1002
Copyright : Copyright © 2002-2004
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Professional
InternalName : Pop-Up Stopper Professional
OriginalFilename : PSProfessional.exe
ProductName : Pop-Up Stopper Professional

#:34 [wtoolss.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 06-05-2004 10:53:30
BasePriority : Normal
FileSize : 75 KB
Created on : 01/05/2004 11:20:22
Last accessed : 06/05/2004 10:53:33
Last modified : 20/04/2004 23:49:18

#:35 [aoltray.exe]
FilePath : C:\Program Files\AOL 8.0a\
ThreadCreationTime : 06-05-2004 10:53:32
BasePriority : Normal
FileSize : 36 KB
FileVersion : 8.00.000
ProductVersion : 8.00.000
Copyright : Copyright © America Online, Inc. 1999 - 2003
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
ProductName : America Online
Created on : 17/02/2004 17:37:24
Last accessed : 06/05/2004 10:53:32
Last modified : 13/05/2003 11:54:52

#:36 [wsup.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 06-05-2004 10:53:33
BasePriority : Normal
FileSize : 429 KB
Created on : 01/05/2004 11:20:18
Last accessed : 06/05/2004 10:53:36
Last modified : 30/04/2004 09:50:50

#:37 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 06-05-2004 10:54:16
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 27/08/2003 08:50:39
Last accessed : 06/05/2004 10:54:22
Last modified : 29/08/2002 13:00:00

#:38 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 06-05-2004 10:54:45
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 04/05/2004 20:51:51
Last accessed : 06/05/2004 10:54:45
Last modified : 12/07/2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1 entries scanned.
New objects :0
Objects found so far: 0



12:24:18 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:29:00:78
Objects scanned :383191
Objects identified :0
Objects ignored :0
New objects :0
mrbiffo
Apologies; here's my second HiJackThis log, following my second AdAware scan.

Please help!!!

Logfile of HijackThis v1.97.7
Scan saved at 15:37:00, on 06/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\TransModePure\ANTEWMA.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\AOL 8.0a\aoltray.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul.PAUL\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index...www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TEAM LOAD] C:\PROGRA~1\TransModePure\ANTEWMA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...81/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{499A9374-DD93-496E-8AC1-2CE13776C821}: NameServer = 217.35.209.180 194.74.65.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E326849-FCC4-4F32-9A7B-A9307E3DFFF5}: NameServer = 205.188.146.146
FatsGordon
Hi again,

Please locate and submit the following files for us by using the Submission System in my signature. You can do the following: once located, place the files in a new folder on the desktop, then zip ALL the files together into a single zip file, then submit it by filling in the form and pressing Browse to locate the .zip file:

C:\PROGRA~1\TransModePure\ANTEWMA.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\WToolsB.dll
C:\Program Files\Common files\updmgr\updmgr.exe
RunDll16.exe


Then place your HT copy (the .exe file) in a folder of its own, NOT in a temp folder, and don't run it from inside the .zip file, because that will affect the backup of files.

Close all programs and browser windows and open HT. Press Scan and place a check mark in each of the following entries (and ONLY in them):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netsearchsoft.com/passthrough/index...www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://netsearchsoft.com/searchbar.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\WToolsB.dll
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [TEAM LOAD] C:\PROGRA~1\TransModePure\ANTEWMA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe


Also, if you don't recognize the IPs or IP ranges of the following, I would suggest fixing them. I did a Google search on them and couldn't find anything, either good or bad...

O17 - HKLM\System\CCS\Services\Tcpip\..\{499A9374-DD93-496E-8AC1-2CE13776C821}: NameServer = 217.35.209.180 194.74.65.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E326849-FCC4-4F32-9A7B-A9307E3DFFF5}: NameServer = 205.188.146.146


And this is optional:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Press Fix checked, close HT and reboot in Safe mode AFTER you have submitted those files. (F8 is Safe mode)

In Safe mode, find EVERY file on the list you submitted and delete it. In the case of WinTools, delete the complete folder starting from WinTools (please DO NOT erase the Common files folder!). Once you have deleted ALL the files, reboot and post a fresh HT log.
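Added example (not part of either post, and not HijackThis's own logic): a small Python triage pass over HijackThis log lines like those above. The flag names and heuristics (missing file, load from a Temp directory, autostart command without a full path, plus listing IE URL hosts and DNS servers) are assumptions chosen for illustration; a flag means "review this entry", not "delete it".

```python
import re
from urllib.parse import urlparse

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\DOCUME~1\PAUL~1.PAU\LOCALS~1\Temp\WToolsB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E326849-FCC4-4F32-9A7B-A9307E3DFFF5}: NameServer = 205.188.146.146
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")      # section code, then entry body
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(log_text):
    """Return (section, flags, entry) for every log entry that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process line, or blank
        section, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("file-missing")            # registry entry outlived its file
        if section in ("O2", "O4") and re.search(r"\\te?mp\\", body, re.I):
            flags.append("loads-from-temp")         # BHO/autostart living in a temp dir
        if section == "O4" and "]" in body:
            command = body.split("]", 1)[1].strip().strip('"')
            if not re.match(r"[A-Za-z]:\\", command):
                flags.append("no-full-path")        # resolved via search path at boot
        if section in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname
            if host:
                flags.append("ie-url:" + host)      # surface the host for review
        if section == "O17":
            flags += ["dns:" + ip for ip in IPV4.findall(body)]  # verify with ISP
        if flags:
            findings.append((section, flags, body))
    return findings

if __name__ == "__main__":
    for section, flags, body in triage(SAMPLE_LOG):
        print(section, ",".join(flags), "|", body)
```

Run over the full log above, `no-full-path` also flags the GSICON.EXE and dslagent.exe Run entries, which the reply does not ask to fix, so each flag still needs a human decision.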