pokapoka63

Hi acxnpa, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

1. Download this tool: LQfix.zip
Unzip it to your Desktop.
Don't use it yet!

IMPORTANT! Reboot the computer into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').

2. Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, that is normal.

3. Reboot into normal mode and scan with HijackThis. Post the new log as a reply to this thread.

Regards,

Trevuren

Hi Trevuren,
Here's the new log. Everything seems to be back to normal! Thanks a million for your help!

Logfile of HijackThis v1.99.1
Scan saved at 8:24:56 PM, on 8/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod mini\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.netscape.com/hp.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/downlo

• Please RUN HijackThis.
  . Click the SCAN button to produce a log.
  
  
• Place a check mark beside each one of the following items:
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
  
  
• Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  
  
• Reboot Your System
  
  
  
• Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.

Regards,

Trevuren

When I run Yahoo Anti-Spy from Yahoo's toolbar, it finds ISTBar. I remove it but it returns every time I restart my computer.
Now, I just ran Spybot and Ad Aware. I hadn't been able to complete a scan with either of these until pokapoka62.exe was removed.
Spybot found 8 suspicious programs and Ad-Aware found 2.
Here is Ad-Aware's log - sorry that it is so long:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, August 14, 2005 10:21:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R60 04.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):21 total references
Elitum.ElitebarBHO(TAC index:5):1 total references
MRU List(TAC index:0):16 total references
Tracking Cookie(TAC index:3):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-14-2005 10:21:57 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\me\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\me\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1465908278-1738908328-1450332936-1007\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 644
ThreadCreationTime : 8-15-2005 2:05:35 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 8-15-2005 2:05:39 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 8-15-2005 2:05:43 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 8-15-2005 2:05:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 8-15-2005 2:05:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 8-15-2005 2:05:45 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 8-15-2005 2:05:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1008
ThreadCreationTime : 8-15-2005 2:05:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1124
ThreadCreationTime : 8-15-2005 2:05:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 8-15-2005 2:05:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1404
ThreadCreationTime : 8-15-2005 2:05:49 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1440
ThreadCreationTime : 8-15-2005 2:05:50 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [issvc.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ProcessID : 1456
ThreadCreationTime : 8-15-2005 2:05:50 AM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1468
ThreadCreationTime : 8-15-2005 2:05:51 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1480
ThreadCreationTime : 8-15-2005 2:05:51 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1544
ThreadCreationTime : 8-15-2005 2:05:51 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1948
ThreadCreationTime : 8-15-2005 2:05:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
ProductVersion : 5.1.2600.1699
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2044
ThreadCreationTime : 8-15-2005 2:05:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 148
ThreadCreationTime : 8-15-2005 2:05:54 AM
BasePriority : Normal


#:20 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 212
ThreadCreationTime : 8-15-2005 2:05:54 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 268
ThreadCreationTime : 8-15-2005 2:05:54 AM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 412
ThreadCreationTime : 8-15-2005 2:05:54 AM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:23 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 488
ThreadCreationTime : 8-15-2005 2:05:55 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 516
ThreadCreationTime : 8-15-2005 2:05:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 532
ThreadCreationTime : 8-15-2005 2:05:55 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:26 [tivobeacon.exe]
FilePath : C:\Program Files\Common Files\TiVo Shared\Beacon\
ProcessID : 580
ThreadCreationTime : 8-15-2005 2:05:55 AM
BasePriority : Normal
FileVersion : 1.2
ProductVersion : 2.0
ProductName : TiVo Desktop
CompanyName : TiVo Inc.
FileDescription : TiVo Beacon Service
InternalName : TiVoBeacon.exe
LegalCopyright : Copyright © 2003-2004 TiVo Inc.
LegalTrademarks : TiVo and TiVo Desktop are trademarks of TiVo Inc.
OriginalFilename : TiVoBeacon.exe

#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 8-15-2005 2:05:55 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:28 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1168
ThreadCreationTime : 8-15-2005 2:05:56 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:29 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2612
ThreadCreationTime : 8-15-2005 2:09:02 AM
BasePriority : Normal


#:30 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2432
ThreadCreationTime : 8-15-2005 2:09:03 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:31 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2760
ThreadCreationTime : 8-15-2005 2:09:05 AM
BasePriority : Normal
FileVersion : 6.14.10.5090
ProductVersion : 6.14.10.5090
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:32 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 2788
ThreadCreationTime : 8-15-2005 2:09:05 AM
BasePriority : Normal


#:33 [hpqcmon.exe]
FilePath : C:\Program Files\HP\Digital Imaging\Unload\
ProcessID : 2796
ThreadCreationTime : 8-15-2005 2:09:05 AM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:34 [eabservr.exe]
FilePath : C:\Program Files\HPQ\Quick Launch Buttons\
ProcessID : 2824
ThreadCreationTime : 8-15-2005 2:09:05 AM
BasePriority : Normal
FileVersion : 4, 20, 4, 1
ProductVersion : 4, 20, 4, 1
ProductName : Quick Launch Buttons
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
LegalCopyright : Copyright © 2001-2003 Hewlett-Packard Company
OriginalFilename : eabsrvr.exe

#:35 [hphmon05.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2884
ThreadCreationTime : 8-15-2005 2:09:06 AM
BasePriority : Normal
FileVersion : 5,0,84
ProductVersion : 5,0,84
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe

#:36 [hpwuschd2.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ProcessID : 2896
ThreadCreationTime : 8-15-2005 2:09:06 AM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe

#:37 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2944
ThreadCreationTime : 8-15-2005 2:09:08 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:38 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 3220
ThreadCreationTime : 8-15-2005 2:09:14 AM
BasePriority : Normal
FileVersion : 3, 10, 100, 1146
ProductVersion : 3, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:39 [point32.exe]
FilePath : C:\Program Files\Microsoft IntelliPoint\
ProcessID : 3320
ThreadCreationTime : 8-15-2005 2:09:15 AM
BasePriority : Normal


#:40 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3380
ThreadCreationTime : 8-15-2005 2:09:17 AM
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:41 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 3500
ThreadCreationTime : 8-15-2005 2:09:19 AM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:42 [ipodservice.exe]
FilePath : C:\Program Files\iPod mini\bin\
ProcessID : 3552
ThreadCreationTime : 8-15-2005 2:09:19 AM
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:43 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 3704
ThreadCreationTime : 8-15-2005 2:09:21 AM
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:44 [desktopweather.exe]
FilePath : C:\Program Files\The Weather Channel FW\Desktop Weather\
ProcessID : 3752
ThreadCreationTime : 8-15-2005 2:09:21 AM
BasePriority : Normal
FileVersion : 4.24.0.0
ProductVersion : 4.24.0.0
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:45 [msoffice.exe]
FilePath : C:\Program Files\Microsoft Office\Office\1033\
ProcessID : 3880
ThreadCreationTime : 8-15-2005 2:09:26 AM
BasePriority : Normal
FileVersion : 9.0.2601
ProductVersion : 9.0.2601
ProductName : Microsoft Office 2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office 2000 component
InternalName : MSOFFICE
LegalCopyright : Copyright© Microsoft Corporation 1994-1999. All rights reserved.
OriginalFilename : MSOFFICE.EXE

#:46 [hijackthis.exe]
FilePath : C:\Unzipped\hijackthis\
ProcessID : 2072
ThreadCreationTime : 8-15-2005 2:10:15 AM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:47 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3256
ThreadCreationTime : 8-15-2005 2:10:41 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:48 [spybotsd.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 3512
ThreadCreationTime : 8-15-2005 2:12:49 AM
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:49 [ypsr.exe]
FilePath : C:\Program Files\Yahoo!\YPSR\
ProcessID : 3712
ThreadCreationTime : 8-15-2005 2:12:53 AM
BasePriority : Normal
FileVersion : 2005, 5, 4, 1
ProductVersion : 1, 0, 0, 0
ProductName : Yahoo! Anti-Spy Application
CompanyName : Yahoo! Inc
FileDescription : Yahoo! Anti-Spy Application
InternalName : YPSR
LegalCopyright : Copyright © 2005 Yahoo! Inc. All rights reserved.
OriginalFilename : YPSR.EXE

#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3292
ThreadCreationTime : 8-15-2005 2:20:56 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:51 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2920
ThreadCreationTime : 8-15-2005 2:21:07 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1465908278-1738908328-1450332936-1007\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:[email protected]/
Expires : 8-10-2015 10:51:48 AM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:41
Value : Cookie:[email protected]/
Expires : 8-13-2010 10:10:48 PM
LastSync : Hits:41
UseCount : 0
Hits : 41

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 8-5-2035 10:52:00 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/cgi-bin
Expires : 8-7-2015 11:41:12 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 10-13-2005 3:24:28 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 8-15-2005 1:58:58 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 24



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0039816.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP290\
FileVersion : 1, 0, 0, 60
ProductVersion : 1, 0, 0, 60
ProductName : EliteToolBar Dynamic Link Library
FileDescription : EliteToolBar DLL
InternalName : EliteToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : EliteToolBar.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 25




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 45

10:40:11 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:14.313
Objects scanned:175989
Objects identified:29
Objects ignored:0
New critical objects:29


I don't know how to get a log from Spybot, but the programs it found are:
VBouncer - 1 entry
ABetterInternet - 12entries
AdDestroyer - 2 entries
Elitum.Elitebar - 1 entry
Minibug - 1 entry
Pacimedia - 2 entries
WildTangent - 5 entries
Winsecure - 1 entry

And finally, here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:59 PM, on 8/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod mini\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.netscape.com/hp.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{772424B2-9B9C-49B0-AB15-96CF377C465F}: NameServer = 4.1.1.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod mini\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

One more problem that is probably unrelated, I sometimes get an error message that just says EAccessViolation. It comes at random times, there doesn't seem to any rhyme or reason to when it comes.
Thank you for being so patient and helping me!

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

• Please download ewido security suite it is a trial version of the program.
  
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed.
• Once the updates are installed do the following:
  • REBOOT into Safe Mode
  • Run EWIDO
  • Click on scanner
  • Click on Start Scan
  • Let the program scan the machine
  • While the scan is in progress you will be prompted to clean files, click OK
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
• Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

Regards,

Trevuren