clickspring purityscan:-(



arty21
2007-04-06, 22:11
I seem to be having a problem with clickspring and outerinfo. Windows defender warns me that clickspring is trying to open a new page and asks me to delete this file. I do so but within 5 minutes I get the same message. If I do a full scan with defender I think it removes the problem until I boot up again. Then it's back. I have tried spydoctor with no effect, ad-aware6, spybot s&d, spyware blaster, but the problem is still there. I have read other threads and assume that you require a hijackthis log which I have attached below.

Hope you can help

Thanks

John

Logfile of HijackThis v1.99.1
Scan saved at 19:42:07, on 06/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\DOBE~1\ping.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\msfeedssync.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\My Documents\??crosoft\wuauboot.exe
C:\Documents and Settings\John\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1792A234-14D6-345C-A749-6CE34DE0F3EE} - C:\WINDOWS\system32\mnpa.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Awas] "C:\PROGRA~1\DOBE~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Iih] "C:\Documents and Settings\John\My Documents\??crosoft\wuauboot.exe" 99001396
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012AXGB_ZMzeb001YYGB
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.line6.net
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097593749703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149410434109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client IP-IPX - Unknown owner - -e,mc-110-12-0000140, (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

steamwiz
2007-04-06, 22:45
Hi arty21

This is at least part of your clickspring problem, shown in your running processes...

C:\PROGRA~1\DOBE~1\ping.exe

You have a lot of other malware showing in your hijackthis log. While I make a list of what to remove, please run this & post a log for me...

Please download Combofix: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

steam

steamwiz
2007-04-06, 23:00
HI

Disconnect from the internet. Close ALL browser windows (including this one), run hijackthis and tick to fix (check the box next to) the list below... When all are ticked (checked), click the Fix Checked button at the bottom:


R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {1792A234-14D6-345C-A749-6CE34DE0F3EE} - C:\WINDOWS\system32\mnpa.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O4 - HKCU\..\Run: [Awas] "C:\PROGRA~1\DOBE~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Iih] "C:\Documents and Settings\John\My Documents\??crosoft\wuauboot.exe" 99001396


Did you put this in your trusted zone?

O15 - Trusted Zone: *.line6.net

Sites in the trusted zone can download and run anything on your computer without asking you first ... you should only allow sites in here that you trust...

steam
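Added example, not part of the original thread and not the helper's own method: a small triage script over HijackThis entry lines, using an excerpt of the log posted above. The four heuristics (orphaned entries, unnamed BHOs, system utility names outside system32, autoruns from a user profile) and the names `triage`, `exe_path` and `SYSTEM_NAMES` are assumptions chosen for illustration; a flag means "review this line", not "remove it".

```python
import ntpath
import re

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1792A234-14D6-345C-A749-6CE34DE0F3EE} - C:\WINDOWS\system32\mnpa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Awas] "C:\PROGRA~1\DOBE~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Iih] "C:\Documents and Settings\John\My Documents\??crosoft\wuauboot.exe" 99001396
O15 - Trusted Zone: *.line6.net
"""

# Entry lines look like "<code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^[^:]*Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")

# Assumption: a short list of Windows utilities that normally live in system32.
SYSTEM_NAMES = {"ping.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "smss.exe"}


def exe_path(cmd):
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (code, body, flags) for every entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        flags = []
        # Registry entry whose target file is gone.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            flags.append("orphaned")
        # Browser Helper Object that registered no display name.
        if code == "O2" and "BHO: (no name)" in body:
            flags.append("unnamed-bho")
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            path = exe_path(run["cmd"]).lower()
            folder, name = ntpath.split(path)
            # A system utility name started from outside system32.
            if name in SYSTEM_NAMES and not folder.endswith("\\windows\\system32"):
                flags.append("system-name-elsewhere")
            # Autorun from a user profile, or a path with '?' where the
            # log could not render a character.
            if "\\documents and settings\\" in path or "?" in path:
                flags.append("autorun-from-profile")
        if code == "O15":
            flags.append("trusted-zone")
        if flags:
            findings.append((code, body, flags))
    return findings


if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(flags):24} {body}")
```

The Spybot `SDHelper.dll` line is flagged as an unnamed BHO even though it is not in the fix list above, which is why the output is a review queue rather than a removal list.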

arty21
2007-04-07, 12:11
Hi steam
Thanks for a speedy reply. I have attached a combofix txt file with this reply.
This was taken before any errors were repaired by hijackthis. I then took your instructions, disconnected and fixed the errors with hijackthis as you suggested. I have sent a txt file of this log too.

Reason I did not cut and paste is that the files are too long for the reply box.

Thanks again

John

steamwiz
2007-04-08, 01:02
HI arty21

You forgot the attachments ;)

steam

arty21
2007-04-08, 11:24
:oops: Sorry. I thought I had attached them with the manage attachments button. Obviously not. Surprisingly enough I have not had one error report since I worked your last bit of magic, so here's hoping.


I think I have now attached the files. Combofix file had to be split cos it was too big.

Thanks for all your help in resolving a problem I've had for months.

John

steamwiz
2007-04-09, 00:46
HI

I'd like you to run another program for me please ...

Please Download SUPERantispyware

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Load SUPERantispyware and click the check for updates button.

Once the update is finished click the scan your computer button.

Check Perform Complete Scan and then next.

Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.

Make sure that they all have a check next to them and press next.

Click finish and you will be taken back to the main interface.

Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

Copy and paste the log to this thread.

Then please copy & paste a new hijackthis log as well...

steam

arty21
2007-04-09, 22:27
Hi steam
Here is the superantispy log and attached is the hijackthis log

Thanks

john



SUPERAntiSpyware Scan Log
Generated 04/09/2007 at 07:23 PM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:46:52

Memory items scanned : 591
Memory threats detected : 1
Registry items scanned : 7530
Registry threats detected : 45
File items scanned : 51072
File threats detected : 70

Adware.MyGlobalSearchBar
C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
HKLM\Software\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\TypeLib
HKCR\TypeLib\{FFBC50F3-043C-11D1-911D-006097C99383}
HKLM\Software\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\TypeLib
HKLM\Software\Classes\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\Control
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus\1
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\ProgID
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\TypeLib
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\Version
HKCR\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\InprocServer32
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\InprocServer32#ThreadingModel
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\ProgID
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\Programmable
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\TypeLib
HKCR\CLSID\{EF281620-A3A3-4F08-874F-D68CFC9B7945}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\0
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\0\win32
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\FLAGS
HKCR\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\John\Cookies\john@www.googleadservices[3].txt
C:\Documents and Settings\John\Cookies\john@www.googleadservices[2].txt
C:\Documents and Settings\John\Cookies\john@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Glyn\Cookies\glyn@advertising[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@atdmt[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@burstnet[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@casalemedia[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@dist.belnk[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@doubleclick[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@fastclick[2].txt
C:\Documents and Settings\Glyn\Cookies\glyn@mywebsearch[1].txt
C:\Documents and Settings\Glyn\Cookies\glyn@servedby.advertising[1].txt
C:\Documents and Settings\Glyn\Cookies\glyn@tribalfusion[1].txt
C:\Documents and Settings\Glyn\Cookies\glyn@valueclick[1].txt
C:\Documents and Settings\Glyn\Cookies\glyn@www.burstbeacon[1].txt

Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\John\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\John\Start Menu\Programs\Outerinfo

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\JOHN\DESKTOP\HIJACKTHIS\BACKUPS\BACKUP-20070407-092115-770.DLL
C:\PROGRAM FILES\WINAVI VIDEOCONVERTER\KEYGEN.NFO
C:\DOCUMENTS AND SETTINGS\JOHN\RECENT\KEYGEN.NFO.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP874\A0184829.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP883\A0189389.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP884\A0189890.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP885\A0191388.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP885\A0191601.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP892\A0193002.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP897\A0193148.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP900\A0193285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP901\A0193312.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP908\A0193478.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP909\A0193590.DLL

Adware.ClickSpring
C:\DOCUMENTS AND SETTINGS\JOHN\MY DOCUMENTS\CROSOF~1\WUAUBOOT.EXE
C:\QOOBOX\PURITY\PROGRAM FILES\DOBE~1\PING.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP844\A0182334.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP852\A0182640.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\WINDOWS\SYSTEM32\WTSCC.EXE.VIR
C:\QOOBOX\QUARANTINE\WINDOWS\SYSTEM32\WTSSVCC.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP843\A0182323.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP844\A0182337.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP846\A0182405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP852\A0182634.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP852\A0182642.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP860\A0183227.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP861\A0183296.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP864\A0184423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP865\A0184469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP867\A0184571.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP868\A0184601.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP874\A0184830.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP883\A0189388.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP884\A0189889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP885\A0191387.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP885\A0191602.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP892\A0193005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP897\A0193151.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP900\A0193269.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP901\A0193315.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP908\A0193450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP909\A0193537.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP909\A0193538.EXE
C:\WINDOWS\SYSTEM32\LO.EXE
C:\WINDOWS\SYSTEM32\LOG.EXE

Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP843\A0182313.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP846\A0182401.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP850\A0182551.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP852\A0182572.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP854\A0183129.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP855\A0183178.EXE
C:\WINDOWS\SYSTEM32\INSTALL.EXE

steamwiz
2007-04-09, 23:15
HI

That looks a lot better... :)

You can now delete the C:\QOOBOX folder

then please run SUPERantispyware again & Copy and paste the log to this thread...

Your hijackthis log is clean, I don't need to see another one of those...

steam

arty21
2007-04-10, 22:48
Hi steam.

Have scanned the system with superantispyware and I had 6 threats but all seem to be in system restore files. Posted below is a very short log of the proceedings. And what a difference in my machine. Thanks very much for your help. I'm most impressed with the service and your knowledge. If Carlsberg made antispy forums, they couldn't improve on this one. :laugh:

Thanks

John

SUPERAntiSpyware Scan Log
Generated 04/10/2007 at 06:13 PM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:51:27

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 7526
Registry threats detected : 0
File items scanned : 50968
File threats detected : 6

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193764.DLL

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193767.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193768.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193769.EXE

Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193770.EXE

Adware.MyGlobalSearchBar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{179001E5-6952-451B-A2F3-CCACA9C8CC55}\RP912\A0193775.DLL

steamwiz
2007-04-11, 00:14
HI

Now that your computer is clean it's a good idea to purge your system restore (going back to a saved restore point could put all the infections you had back)

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

If you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

steam