trojan agent winlogonhook



#1
scarface1100


    New Member

I am a computer newbie... I have a brand new HP Pavilion & am currently running Windows XP... I'm running the latest v of Webroot Spy Sweeper & Norton AntiVirus... I've noticed several times Norton says my computer was infected w/ a virus & unable to repair, however when I perform a full scan, the system shows up clean; when performing my Spy Sweeper sweep I consistently get a trojan horse showing up & unable to repair - the trojan description is: trojan agent winlogonhook (13 subtraces found) HKLM|software\microsoft\mssmgr\.... I have contacted Webroot with no responses & I have performed all the outlined instructions on this website, on the page "you must read this before posting a hijack this log". I've noticed each different spyware/malware program indicates many more than just 1 virus & 1 trojan, a rather extensive list; but I've followed all the procedures outlined... I also have trouble restarting my computer in safe mode, it'll freeze up....
here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:04 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3350F193-4FF1-4EAC-9C71-AD8ECF8EE130} - C:\WINDOWS\system32\msacm32d.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

***Any help is greatly appreciated asap; I've only owned this computer for about 15 days now & am considering returning it before the 21st day if I cannot fix this issue ******** :) :) :D

These were the results of the Panda ActiveScan:
Incident Status Location

Virus:Trj/Downloader.IHX Not disinfected Operating system
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\msacm32d.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\winrkp32.dll
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\dfrgsrv.exe
Adware:adware/yazzle Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[4].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[4].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[4].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[4].txt
Virus:Trj/Downloader.IHX Not disinfected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\CLMVKDEV\srvvyr[1].exe
Virus:Trj/Downloader.IHX Not disinfected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GP6R4TQN\srvtxo[1].exe
Virus:Trj/Downloader.IHX Not disinfected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\I5GVUF2B\srviur[1].exe
Virus:Trj/Downloader.IHX Not disinfected C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OJYH0X8D\srvbvf[1].exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\HP_Administrator\Shared\lime loads\adobe illustrator\photoshop illustrator cs2.zip[YSB_toolBar.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Cookie/2o7 Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][10].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][11].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][12].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][13].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][14].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][15].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][16].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][17].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][5].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][6].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][7].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][8].txt
Spyware:Cookie/YieldManager Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][9].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[4].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[5].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[6].txt
Spyware:Cookie/PointRoll Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Advertising Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[4].txt
Spyware:Cookie/Advertising Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[5].txt
Spyware:Cookie/Advertising Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[6].txt
Spyware:Cookie/Falkag Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[3].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[4].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[5].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[3].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[4].txt
Spyware:Cookie/Com.com Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[4].txt
Spyware:Cookie/Com.com Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[5].txt
Spyware:Cookie/Sextracker Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[4].txt
Spyware:Cookie/FastClick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kinghost[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[4].txt
Spyware:Cookie/Overture Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paycounter[2].txt
Spyware:Cookie/Overture Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[4].txt
Spyware:Cookie/RealMedia Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[6].txt
Spyware:Cookie/Sextracker Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sextracker[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[4].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[3].txt
Spyware:Cookie/Adserver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[3].txt
Adware:Adware/PurityScan Not disinfected C:\Virtual\Untrusted\C_\Documents and Settings\HP_Administrator\Local Settings\Temp\cliAF6.tmp


#2
skate_punk_21


    Malware Removal Expert

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: (no name) - {3350F193-4FF1-4EAC-9C71-AD8ECF8EE130} - C:\WINDOWS\system32\msacm32d.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.


Download Killbox
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Select each of the following files below with your mouse, then right click and select copy, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Now in Killbox go to File, then select Paste from clipboard! Now hit the X button (choose YES when it asks if you want to reboot). Click Yes at the 'Pending Operations' prompt if you see it:

C:\WINDOWS\SYSTEM32\dfrgsrv.exe
C:\WINDOWS\system32\msacm32d.dll
C:\WINDOWS\system32\winrkp32.dll



Reboot Now

Please post a fresh hijackthis log, as well as a computer status update and let me know how things are going.
Skate
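Added example (not part of the original posts, and not a HijackThis or Panda tool): a Python script that cross-references the HijackThis entries with the scanner results posted above, which reproduces why the two `(file missing)` entries and the three Killbox files stand out. The sample lines are copied from the logs in this thread; the function names, the restriction to sections whose last field is a file path, and the fixed `Not disinfected` status string are assumptions of this example.

```python
import ntpath
import re

# Subset of the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3350F193-4FF1-4EAC-9C71-AD8ECF8EE130} - C:\WINDOWS\system32\msacm32d.dll (file missing)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Subset of the online scan results posted in this thread.
SCAN_RESULTS = r"""
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\system32\msacm32d.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\winrkp32.dll
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\dfrgsrv.exe
Adware:adware/yazzle Not disinfected Windows Registry
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Assumption: every detection row carries the status "Not disinfected".
DETECTION_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?) Not disinfected (?P<location>.+)$"
)
# Sections whose last " - " separated field is a file path (assumption of
# this example; other sections, such as O4, are skipped).
PATH_SECTIONS = {"O2", "O3", "O9", "O20", "O23"}
MISSING = "(file missing)"


def parse_hjt(log):
    """Return one dict per HijackThis entry in a path-bearing section."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or m["section"] not in PATH_SECTIONS:
            continue
        target = m["body"].rsplit(" - ", 1)[-1].strip()
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].strip()
        entries.append({
            "section": m["section"],
            "file": ntpath.basename(target).lower(),
            "missing": missing,
            "line": line,
        })
    return entries


def parse_detections(report):
    """Map lower-cased file name -> detection name for file-based hits."""
    hits = {}
    for raw in report.splitlines():
        m = DETECTION_RE.match(raw.strip())
        # Keep only locations that are drive paths, not "Windows Registry".
        if m and re.match(r"^[A-Za-z]:\\", m["location"]):
            hits[ntpath.basename(m["location"]).lower()] = m["name"]
    return hits


def triage(log, report):
    """Flag entries that are missing on disk or named by the scanner.

    Matching is by file name only, which is coarse but enough to line the
    two reports up. Also returns scanner hits that no parsed HijackThis
    entry references.
    """
    hits = parse_detections(report)
    flagged, referenced = [], set()
    for entry in parse_hjt(log):
        reasons = []
        if entry["missing"]:
            reasons.append("file missing")
        if entry["file"] in hits:
            reasons.append("scanner: " + hits[entry["file"]])
            referenced.add(entry["file"])
        if reasons:
            flagged.append((entry["section"], entry["file"], reasons))
    return flagged, sorted(set(hits) - referenced)


if __name__ == "__main__":
    flagged, unreferenced = triage(HJT_LOG, SCAN_RESULTS)
    for section, name, reasons in flagged:
        print(f"{section:4} {name:16} {', '.join(reasons)}")
    for name in unreferenced:
        print(f"scanner hit with no parsed HijackThis entry: {name}")
```

Both flagged entries are reported as missing by HijackThis yet named as present by the scanner, and `dfrgsrv.exe` appears only in the scanner output.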

#3
scarface1100


    New Member

Well, I didn't think anyone was going to reply & I was desperate to get rid of this trojan asap, or return the computer before my trial period. Anyway, I know it wasn't probably the smartest thing to do, but I just decided to remove or fix each file in the hijack this log, & I believe I deleted or repaired all files in the ewido log. Whatever I fixed or deleted, I'm guessing, got rid of the trojan & any other viruses or spyware that might have been lingering.... Anyways my webroot spyware scan comes up clean now, no more spyware or trojans. My ewido malware scan basically comes up clean except for a couple spywares, if I surf the internet for a few days & then do a scan, but pretty clean. My norton av comes out clean every time....
Overall my computer seems to be functioning o.k. However I'm just a little worried I may have deleted something important & may pay for it later.
Here is my latest hijack this log. Do you see any concerns or problems that may need to be addressed, or is my computer clean?
Logfile of HijackThis v1.99.1
Scan saved at 10:28:48 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\MARINE~1.SCR
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3350F193-4FF1-4EAC-9C71-AD8ECF8EE130} - C:\WINDOWS\system32\msacm32d.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Edited by scarface1100, 13 May 2006 - 11:48 PM.

  • 0
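
Post #2 asks for two "(file missing)" entries to be fixed, and the log in post #3 still lists both. The following Python script is an added example (not part of the thread and not HijackThis code) that triages those markers in a log; the function names and the recheck rule for targets carrying command-line arguments are assumptions of the example, and the sample lines are copied from the log above.

```python
import re

# Lines copied from the 5/13/2006 log in post #3, abridged to the relevant entries.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3350F193-4FF1-4EAC-9C71-AD8ECF8EE130} - C:\WINDOWS\system32\msacm32d.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O20 - Winlogon Notify: ..."
MISSING = " (file missing)"

def parse(log):
    """Split a log into lower-cased running-process paths and (code, text) entries."""
    procs, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def triage(log):
    """Return (orphans, recheck) for entries marked '(file missing)'."""
    procs, entries = parse(log)
    orphans, recheck = [], []
    for code, text in entries:
        if not text.endswith(MISSING):
            continue
        target = text[: -len(MISSING)].rsplit(" - ", 1)[-1]
        # Assumption of this example: a quote inside the target means it holds
        # a command line, so the marker is unreliable if the exe is running.
        exe = target.split('"', 1)[0].lower()
        if '"' in target and exe in procs:
            recheck.append((code, exe))
        else:
            orphans.append((code, target))   # leftover registry reference
    return orphans, recheck
```

On the sample, the O2 and O20 entries come back as leftover registry references, while the Maya service is set aside for a manual check because its executable appears under running processes.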





