PPRuNe Forums - View Single Post - Help with HiJackThis Report and possible hijacks!!!
Old 23rd Jan 2005, 09:13
Binoculars

Just Binos
 
I'm not even a substitute for Evo, but I think he's dead right there. I'm having trouble getting rid of DeskAd myself from the lappy, did a full AdAware and Spybot scan, neither of them picked it up, I'm now running a virus scan, then I'll do a hijackthis and post the results for Liam to have a look at.

Nothing found in virus scan. Keep getting application error for DeskAdServ.exe. Have to close down six or seven separate processes to get rid of it. Over to you Liam! :ok:

(Could this be coming from www.miniclip.com which my little girl spends a lot of time on playing games?)

Logfile of HijackThis v1.99.0
Scan saved at 8:44:25 PM, on 1/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\webshots.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust....yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abc.net.au/news
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust....yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [bixuh] C:\WINDOWS\bixuh.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Cl...ridge-c356.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: CAISafe - Unknown - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Last edited by Binoculars; 23rd Jan 2005 at 09:56.