Can't get rid of homepage "best safetyguide.net"

Discussion in 'Windows Desktop Systems' started by greenvillemhunt, Jun 20, 2006.

  1. greenvillemhunt

    greenvillemhunt OSNN One Post Wonder

    Messages:
    2
    Ran the SmitFraud fix and other scans in safe mode - no more pop-ups, but the homepage remains.

    Any suggestions?

    Here's the latest ewido log (HJT and SmitFraud attached):


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:43:21 AM 6/20/2006

    + Scan result:

    C:\WINDOWS\system32\components\flx6.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : Ignored.
    C:\WINDOWS\system32\components\flx7.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : Ignored.
    :mozilla.10:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\6mgxzgm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\6mgxzgm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\6mgxzgm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\6mgxzgm7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.161:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.26:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.27:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.29:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.39:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.40:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.41:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.6:C:\Documents and Settings\Kenny Kaye\Application Data\Mozilla\Profiles\default\idhwdc1p.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.70:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.71:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.72:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.73:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.74:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.7:C:\Documents and Settings\Kenny Kaye\Application Data\Mozilla\Profiles\default\idhwdc1p.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.8:C:\Documents and Settings\Kenny Kaye\Application Data\Mozilla\Profiles\default\idhwdc1p.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Abby\Cookies\abby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jake\Cookies\jake@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Kenny Kaye\Cookies\kenny kaye@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Matt\Cookies\matt@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Matt\Cookies\matt@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.53:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.61:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.64:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.65:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.29:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.30:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.31:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.31:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.32:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.32:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.32:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.33:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.33:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.33:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.34:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.34:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.35:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.36:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.18:C:\Documents and Settings\Matt\Application Data\Netscape\NSB\Profiles\6mgxzgm7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.22:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.28:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.31:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.102:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.162:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.163:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.164:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.113:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Kenny Kaye\Cookies\kenny kaye@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.138:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.139:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.25:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.34:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.35:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.38:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.39:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.40:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.46:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Kenny Kaye\Cookies\kenny kaye@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.85:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.86:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.87:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.88:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.89:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.54:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.55:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.59:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.60:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.165:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.168:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.10:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.10:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.11:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.11:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.12:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.12:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.13:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.14:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.15:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.16:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.17:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.18:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.18:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.20:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.21:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.6:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.7:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.8:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.90:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.92:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.93:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.9:C:\Documents and Settings\Abby\Application Data\Netscape\NSB\Profiles\u0z8pnzx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Abby\Cookies\abby@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Jake\Cookies\jake@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.17:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.18:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.143:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Kenny Kaye\Cookies\kenny kaye@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.146:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.147:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.148:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.149:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.35:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.36:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.37:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.38:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2rt6ahpj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.76:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.77:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.78:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.130:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.131:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.132:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.133:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.134:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.135:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.136:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.108:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.109:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.110:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.127:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.128:C:\Documents and Settings\Kenny Kaye\Application Data\Netscape\NSB\Profiles\hw8dqntb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Kenny Kaye\Cookies\kenny kaye@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

    ::Report end
     

    Attached Files:

  2. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    You have two things in your HJT log that should be removed:

    O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll
    O4 - HKCU\..\Run: [68e8f6f7.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\68e8f6f7.exe

    Reboot into safemode and delete:

    C:\Documents and Settings\Matt\Local Settings\Application Data\68e8f6f7.exe <--file
    C:\WINDOWS\System32\issearch.exe <--file

    reboot and post a new log.
     
  3. ElementalDragon

    ElementalDragon The One and Only

    Messages:
    3,159
    Location:
    Lehighton, PA
    if that don't work, as a temporary fix (if you're using IE.... dunno if it works for FireFox, Opera, etc...), create a shortcut on your desktop if you don't already have one. go to the properties of said shortcut, and in the Target box, at the end put a space, then "-nohome" without the quotes. that might be able to override it until the real problem is discovered.
     
  4. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    The BHO is the real problem.
     
  5. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    Try the free trial of this program Ewido Security Suite

    When you ran SmitFraud fix make sure your system restore is off in windows and run it in safemode. After you do this run a clean up. CCcleaner is good. Or follow these instructions.

    Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
    Wait while Windows scans your system for files to delete.
    Make sure these 3 are checkmarked and press *ok* to delete them.

    Temporary Files
    Temporary Internet Files
    Recycle Bin
    ....................................................
    And be sure to follow up with a full system scan with Adaware SE
    ....................................
    Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

    One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore.
    Go to Start and right-click on *My Computer*.
    Click Properties.
    Click the System Restore tab.
    Put a Checkmark in the box next to "Turn off System Restore".
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    Go to Start and right-click on *My Computer*.
    Click Properties.
    Click the System Restore tab.
    Remove the checkmark next to "Turn off System Restore".
    Click Apply, and then click OK.

    How to Turn On and Turn Off System Restore in Windows XP
    http://support.microsoft.com/default.aspx?...kb;en-us;310405

    Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help [​IMG].
    How do I prevent Browser Hijacks and Spyware?
    http://www.dslreports.com/faq/13620

    I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
    Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
    Windows Update
    http://update.microsoft.com/microsoftupdate/

    And see this link for instructions on how to configure the enhanced security features in SP2:
    http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

    I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

    MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
    Microsoft Baseline Security Analyzer
    http://www.microsoft.com/technet/security/...s/mbsahome.mspx
    Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you
     
    Last edited: Jun 21, 2006
  6. greenvillemhunt

    greenvillemhunt OSNN One Post Wonder

    Messages:
    2
    Seems to have done the trick. Thanks.
    Here's the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:51:53 PM, on 6/20/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Norton Internet Security\ATRACK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Matt\Desktop\HijackThis\HijackThis.exe
    C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
    O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150669317765
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
     
  7. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Looks clean, you have one orphaned entry that should be removed:

    O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\System32\ixt0.dll (file missing)