First, let me say thanks in advance to those of you who always help out those in need, likely for free.
I have been working on this for 2 days with no success. I ran Trend Micro HouseCall online, Spybot S&D, Ad-Aware, and ewido in safe mode a little earlier today, among many other things. I use PC-cillin 2006, but it can only keep popping up notifications of ADW_AGENT.CSK, DIAL_DIALER.JC, and others that are trying to access the internet about 20-30 times an hour, and it denies access. I also tried to restore to 2 earlier points, but it says it cannot be done and no changes are made. I disabled System Restore before running the gamut of spyware removal tools.
Also, WINAntiviruspro 2006 keeps popping up, along with other popups. My Google Toolbar stopped blocking them, so I uninstalled it after I couldn't get it to reset by changing settings.
When I tried to use Windows Update, I got an error message that the website encountered problems, and the page couldn't be displayed on 2 separate occasions.
The strange files keep replicating in my windows/temp folder, and I have tried emptying that folder and the recycle bin.
I am attaching the logs. If anyone knows what I can do next, I am at a loss.
Logfile of HijackThis v1.99.1
Scan saved at 5:34:04 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\program files\z-firm llc\shiprush v4\ShipRushServer.exe
C:\PROGRAM FILES\PURE NETWORKS\NETWORK MAGIC\NMSRVC.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRAM FILES\DISC\DISCSTREAMHUB.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\vymbintj.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [updateMgr] C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\1.0.720.3640\GOOGLETOOLBARNOTIFIER.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\g5099703.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\g5099703.dll (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.charter....bin/tgctlcm.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Z-Firm ShipRush v4 (ZFShipRushShipping4) - Z-Firm LLC - c:\program files\z-firm llc\shiprush v4\ShipRushServer.exe
-----------------------------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:32:37 PM 9/5/2006
+ Scan result:
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4XEN41M7\bgates[2].exe -> Trojan.Dialer.pz : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc132.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc213.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc214.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc215.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc216.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc217.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc218.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc219.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc220.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd6.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd76.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd8.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\0XIJWPMR\srvwwp[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\LSKF15SX\srvvnv[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXYR09UN\srvlkj[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\U66P9HGI\srvjml[1].exe -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc123.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc133.exe -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc134.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc135.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc136.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc145.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc147.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc252.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc276.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc277.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc280.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc283.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc284.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc286.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc288.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc289.exe -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc302.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc303.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc305.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc307.exe -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc314.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc330.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc47.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc62.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc64.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc65.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc67.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc70.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc73.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc79.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc80.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc81.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc86.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc88.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc90.tmp -> Trojan.Pakes : No action taken.
C:\RECYCLER\S-1-5-21-1242642415-2609294279-661467045-1008\Dc94.tmp -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win30.tmp -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win74.tmp.exe -> Trojan.Pakes : No action taken.
::Report end