Under severe attack [Resolved]


#1 billyd
Member, 63 posts
:tazz:
Yesterday early I left the computer and all was OK. When I got back in the evening THE BOMBS were all over the place. The first thing I noticed was BULLSEYENETWORK!! It had decided to grab me by the short hairs. Then I saw the dreaded IBIS dialer when I ran Ad-Aware. My usual 3-50 critical objects became 500!! I have tried unsuccessfully to clean with my scan of HJT, by selecting the items I know are bad. I went to Add/Remove and uninstalled BULLS; that seemed to take, but the other items WILL NOT GO AWAY! I now have an added toolbar on Internet Explorer. And I had trouble getting on the Geeks to Go site. Went in through Google but could not find a way to post the log. When I uninstalled WinTools, as suggested, I was able to get to the site. I do not know if that is a related occurrence or not. Anyways, here is the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 12:04:03 PM, on 3/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\sol.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB6D365-F41F-4271-83CF-2ABB9A0DA294}: NameServer = 204.255.24.254 204.255.24.251
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for all your help
Billd

#2 billyd (Topic Starter)
Member, 63 posts
Hi all,
I seem to be getting a little better at this. Since my last post I went looking to help myself with some of the knowledge I have picked up from Trevuren and the site. My last Ad-Aware scan found only 80 objects and was able to clean them up. Yesterday my scans resulted in 370, 500 etc., with Ad-Aware not able to clean up the mess. I went to Add/Remove and removed media access / tool kit and another viper or two. Rebooted and checked running processes (now down to 36), which seems about right. I do see something called residence.exe and I don't know what that is. But my daughter added Sony ImageMixer yesterday, and maybe that is part of that, as it is in the tray on the bottom. Please take a look at the new HJT log and let me know if you think I am clean and rid of THE DREADED IBIS DIALER AND ANY OTHER VIPERS LURKING in the machine. As always, gracias amigos. :tazz:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:33 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB6D365-F41F-4271-83CF-2ABB9A0DA294}: NameServer = 204.255.24.254 204.255.24.251
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Billyd

#3 don77
Malware Expert, Retired Staff, 18,526 posts
Hi Billyd,
You did a very nice job cleaning your log. It's clean.
Trevuren did a fine job teaching you!

I do see something called residence.exe and I don't know what that is. But my daughter added sony imagemixer yesterday, and mabe that is part of that as it is in tray on the bottom.

You are correct.

Download the following program for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-Aware and Spybot handy. Check them for updates prior to running, and run them weekly.
Same with your antivirus.

For an added check, run an online virus scan; you can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure to give the Temp folders a cleaning out now and then as well. Make sure, after you clean your Temp files, to empty out your Recycle Bin as well.
For ease, use the following program:
Download and install Cleanup
Run "Cleanup" and, when it has finished, reboot.

Remember to check Windows for updates.

Probably a good time to create a new restore point. See Here. Name it "clean" or something like that.

#4 billyd (Topic Starter)
Member, 63 posts
:tazz:
Hi DON77,
I just finished downloading SpywareBlaster. I will post a new log in a few, after I do scans again. These past few days I have spent some time on the site and picked up some pointers from reading posts. I still have a long way to go, but I'm on the road to finding out. I did visit the Major Geeks site yesterday and took down BHODemon. I also checked my old HJT logs and compared them to the newer scan. I see, after reading the BHO stuff, how you are just so open to the "INVASION OF THE BODY SNATCHERS" at all times! I do have a question: I see this new item on the process list, "mspn32.exe". I looked in ADD/REMOVE and did not see it. I do not know what it is, so naturally I am concerned.
I think this site is a "GOD SEND". Way back when I first had problems there was no one to turn to. I remember calling Sears a while back and getting info like "just do a system restore, I do it all the time myself". THAT'S GREAT ADVICE!
I check in at least once a day since I have found the site and find much of interest. My hat is off to all the GEEKS, admin and all the geeks in training.
Thanks for all of your help!! ;)
Billyd

#5 billyd (Topic Starter)
Member, 63 posts
Hi All,
My new HJT log. I have run Ad-Aware (0 objects) and run CCleaner, emptied all. Ran AVG this morning (0 viruses), BUT I still see this mspn32.exe in processes. I kill it and Explorer loads faster. I also see sent bytes drop once I kill it. BUT I can't find where the little bugger is living SO I CAN SQUASH IT! ANY HELP ON THIS WOULD BE GREAT :tazz:
Logfile of HijackThis v1.99.1
Scan saved at 9:58:59 AM, on 3/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\mspn32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for the time,
billyd
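The "where is it living" question in the post above is exactly what a triage pass over an HJT log answers: the O4 lines give the autorun name and command, and the "Running processes" list gives the on-disk path the same executable was actually loaded from. The script below is an added example written for this thread, not HijackThis code and not anything posted by the thread's participants. It parses a constructed sample made from a few of the lines in billyd's log, flags O4 values that deserve a closer look (bare filename with no path, use of the RunServices key, which Windows 9x/Me processes but NT-family systems such as XP do not, and the same value present under both HKLM and HKCU), and then resolves each flagged name against the running-process list. The small allowlist of bare-name entries that are normal on this kind of machine is an assumption made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log: a few HijackThis-style lines modelled on the
# thread's log, trimmed to what the triage needs. Not a complete log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\mspn32.exe
C:\Program Files\BHODemon 2\BHODemon.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
"""

# O4 registry autorun lines: hive, key, display name, command.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunServices|RunOnce): \[(.*?)\] (.*)$")

# Assumed allowlist of bare-name autorun values that are normal on this
# kind of system (driver helper, rundll32 launchers). Constructed for the
# example, not an authoritative list.
KNOWN_BARE_NAMES = {"nwiz.exe", "rundll32.exe"}


def executable_of(command):
    """Return the program part of an autorun command, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_log(text):
    """Split an HJT log into the running-process paths and the O4 registry entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process section
                in_procs = False
                continue
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "exe": executable_of(command)})
    return processes, entries


def triage(text):
    """Group O4 entries by executable name, attach review flags, and locate each
    flagged executable in the running-process list. Returns only flagged names."""
    processes, entries = parse_log(text)
    by_exe = defaultdict(lambda: {"hives": set(), "keys": set(),
                                  "flags": set(), "seen_running_at": []})
    for e in entries:
        base = e["exe"].rsplit("\\", 1)[-1].lower()
        rec = by_exe[base]
        rec["hives"].add(e["hive"])
        rec["keys"].add(e["key"])
        if "\\" not in e["exe"] and base not in KNOWN_BARE_NAMES:
            rec["flags"].add("bare filename, no path")
        if e["key"] == "RunServices":
            rec["flags"].add("RunServices key (Win9x-only key, unusual on XP)")
    for base, rec in by_exe.items():
        if {"HKLM", "HKCU"} <= rec["hives"]:
            rec["flags"].add("same value in both HKLM and HKCU")
        # The process list shows the path the loader actually resolved the name to.
        rec["seen_running_at"] = [p for p in processes
                                  if p.lower().endswith("\\" + base)]
    return {b: r for b, r in by_exe.items() if r["flags"]}


if __name__ == "__main__":
    for name, rec in triage(SAMPLE_LOG).items():
        print(name, sorted(rec["keys"]), sorted(rec["hives"]))
        for flag in sorted(rec["flags"]):
            print("   -", flag)
        for path in rec["seen_running_at"]:
            print("   running from:", path)
```

On the sample the only flagged name is mspn32.exe: three review flags, and the process list places it at C:\WINDOWS\System32\mspn32.exe, which is where the log in the post above shows it too. A bare filename in a Run value is resolved through the system's search path at logon, so the process list, not the registry value, is the evidence for where the file sits on disk.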

#6 billyd (Topic Starter)
Member, 63 posts
Hi all,
I ran the Panda virus scan and here it is! AVG found nothing this morning, yet Panda has listed a few. I know I removed the spyware and adware from Add/Remove, but it shows up on this scan? STILL A LOT I NEED TO KNOW! THE ROAD IS A LONG ONE, EH! :tazz:
Incident Status Location

Virus:W32/Gaobot.ECN.worm Disinfected Operating system
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\UpdMgr
Adware:Adware/WinTools No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Spyware:Spyware/Lowzones No disinfected C:\g1.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\common.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\TBPS.exe
Adware:Adware/ToolbarMase No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\toolbar.dll
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN13.tmp
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN18.tmp
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN19.tmp
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN1B.tmp
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN2.tmp
Adware:Adware/Beginto No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\WIN22.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~12561.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~13285.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~133177.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~15668.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~183521.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~23752.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~237754.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~243157.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~25023.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~308555.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~314504.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~359950.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~430706.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~431676.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~440573.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~459334.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~469216.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~469458.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~48533.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~487547.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~502574.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~504013.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~50555.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~528974.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~53956.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~542460.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~563361.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~629579.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~635040.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~640524.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~669650.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~691294.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~698248.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~706050.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~717736.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~727505.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~737390.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~742549.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~745856.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~750373.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~767843.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~788985.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~798035.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~803382.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~807119.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~808206.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~809963.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~848362.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~850515.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~852359.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~855259.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~856639.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~862904.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~863308.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~915995.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~918843.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~920983.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~926483.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~930204.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~931478.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~932785.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~940090.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~948974.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~952723.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~953001.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~959971.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~965452.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~966125.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~968312.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~968479.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~971462.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~973331.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~978712.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~979824.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~980029.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~986291.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~990339.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~992057.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~995635.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~997569.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~999175.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy\Local Settings\Temp\~999253.tmp
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-190950-443.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-489.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-925.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-194552-235.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-201250-901.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-440.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-918.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050322-082003-526.dll
Adware:Adware/BlazeFind No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\bar.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~10347.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~136765.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~33283.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~482904.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~703200.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~743409.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~993334.tmp
Adware:Adware/BlazeFind No disinfected C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\HJ4MG4LI\bar[1].exe
Adware:Adware/BlazeFind No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\bar.exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\bi.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\common.dll
Adware:Adware/MyDailyHoroscopeNo disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\II92.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\msbb.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\SahUpdate\WEBInstaller.dll
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\SahUpdate\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\SahUpdate\xmltok_.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\TBPS.exe
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\THI5E4.tmp\polall1r.inf
Adware:Adware/ToolbarMase No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\toolbar.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\Tvm.upd
Adware:Adware/KeenValue No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\UpdatedUpdaterInstall.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~191139.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~22388.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~329676.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~3310.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~333160.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~36734.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~390857.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~394629.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~413525.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~413631.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~432747.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~438329.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~460831.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~483949.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~494720.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~498672.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~5110.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~587282.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~589559.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~594292.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~611861.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~634214.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~638771.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~639868.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~657324.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~685832.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~712549.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~720360.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~726796.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~739.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~745376.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~754463.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~768085.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~776598.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~779628.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~780086.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~791666.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~809285.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~831568.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~833116.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~833935.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~836854.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~846015.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~851477.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~858866.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~863863.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~867661.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~867794.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~868627.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~872063.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~883360.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~902484.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~915052.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~922252.tmp
  • 0

#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi again Billy,
I need you to do a few things, please.
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it HJT.
Drag HJT into it, please.

Next,
Please open HJT > click on the Config button > click Misc. Tools > click Open Process manager > highlight "mspn32.exe" > click Kill process.
Next click the scan button and put a check mark next to the following, close all open windows, and click "Fix Checked":

O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe


Reboot to safe mode (by tapping the F8 key on start-up), make sure you can view all hidden folders/files (View Hidden Folders), then search for and delete the following in BOLD:

C:\WINDOWS\System32\mspn32.exe

Restart your computer,

Download and install Cleanup
Don't run it yet,
Reboot to safe mode,
Open Cleanup!, Click Cleanup and let it run,
When asked to reboot click "Yes"

Run another scan with Activescan and let us know what it finds,
Post back a fresh HJT log as well, please.
  • 0
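The four O4 lines don77 lists above are HijackThis's rendering of registry autorun values (hive, key, value name, command). As an added example, not part of HijackThis and not code posted by anyone in this thread, here is a small triage script that parses such lines and flags the patterns a helper looks for: a bare filename with no path, a value written to the RunServices key (which NT-based Windows, including XP, never executes), and one value name planted in several autorun locations at once. The sample lines are taken from entries quoted in this thread; the heuristics and names are this example's own.

```python
"""Triage HijackThis O4 (registry autorun) entries.

Added example for this thread; it is not part of HijackThis and not code
posted in the thread. The sample lines are copied from entries quoted in
the posts; the review heuristics are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Matches lines such as:  O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\"
    r"(?P<key>Run(?:Once|Services|ServicesOnce)?): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"
)


@dataclass
class AutorunEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, RunServices, RunServicesOnce
    name: str      # registry value name shown in brackets
    command: str   # command line stored in the value

    def image(self) -> str:
        """Return the file the entry really launches, without quotes or arguments.

        For rundll32 entries the interesting image is the DLL being loaded.
        """
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        head, _, rest = cmd.partition(" ")
        if head.lower() in ("rundll32.exe", "rundll32"):
            return rest.split(",", 1)[0].strip()
        return head


def parse_o4(lines: List[str]) -> List[AutorunEntry]:
    """Keep only registry-backed O4 lines; Startup-folder O4 lines are skipped."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(AutorunEntry(**m.groupdict()))
    return entries


def review(entries: List[AutorunEntry]) -> Dict[Tuple[str, str, str], List[str]]:
    """Return {(hive, key, name): [reasons]} for entries that deserve a closer look.

    These are triage hints, not verdicts: some legitimate vendors also
    register their tray tools by bare filename.
    """
    name_count = Counter(e.name.lower() for e in entries)
    findings: Dict[Tuple[str, str, str], List[str]] = {}
    for e in entries:
        reasons = []
        if "\\" not in e.image():
            reasons.append("bare filename: found via the PATH search, not a fixed location")
        if e.key.startswith("RunServices"):
            reasons.append("RunServices key: only Windows 9x/Me run it; on XP it is a leftover legitimate installers rarely write")
        if name_count[e.name.lower()] > 1:
            reasons.append(f"same value name registered in {name_count[e.name.lower()]} autorun locations")
        if reasons:
            findings[(e.hive, e.key, e.name)] = reasons
    return findings


# Constructed sample: the four entries don77 asked to fix, plus three
# entries from the HJT log posted in this thread for contrast.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe",
    r"O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe",
    r"O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe",
    r"O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect",
    r"O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe",
]

if __name__ == "__main__":
    for (hive, key, name), reasons in review(parse_o4(SAMPLE_LOG)).items():
        print(f"{hive}\\..\\{key}: [{name}]")
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the four mspn32.exe entries are flagged on two or three counts each, while the HP and RealPlayer entries with full paths pass; nwiz.exe is flagged only for its bare filename, which is the kind of lead a helper then confirms by locating the file and checking its publisher.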

#8
billyd

    Member

  • Topic Starter
  • Member
  • 63 posts
Hi Don,
I ran Active Scan and have attached it along with the HJT log. The funny? thing is that when I went to kill mspn32.exe it was not there? It's like the immaculate conception? Well, I ran the cleaner, which found more stuff in Temp to clean than CCleaner. I have run Ad-Aware also. Computer seems OK though. Received bytes 1,200,000, sent 220,000 bytes. I have reset Internet options to prompt on cookies and ActiveX. Amazing how many guys want to load cookies! I started to look at PandU and will probably go back to finish that when I have some time. There is so much stuff to learn and so little time, eh! Well, here are the logs. And again, thank you for your time. Once I absorb some more of what to look for and how to fix stuff I will apply to GeekU maybe? :tazz:
Incident Status Location

Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\UpdMgr
Adware:Adware/WinTools No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-190950-443.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-489.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-925.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-194552-235.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-201250-901.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-440.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-918.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050322-082003-526.dll
Adware:Adware/Minibug.A No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\Program Files\IncrediFind\BHO\IncFindBHO170.dll
Adware:Adware/WildTangent No disinfected C:\Program Files\WildTangent\Apps\WebDriverInstall.exe
Adware:Adware/WUpd No disinfected C:\win.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\70tovmto.exe
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\bar.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-1.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-10.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-11.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-12.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-13.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-14.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-15.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-16.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-17.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-18.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-19.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-2.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-20.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-21.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-22.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-23.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-24.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-25.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-26.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-27.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-28.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-29.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-3.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-30.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-31.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-32.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-33.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-34.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-35.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-36.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-37.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-38.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-39.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-4.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-40.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-41.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-42.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-43.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-44.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-45.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-46.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-47.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-48.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-49.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-5.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-50.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-51.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-52.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-53.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-54.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-55.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-56.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-57.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-58.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-59.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-6.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-60.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-61.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-62.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-63.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-64.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-65.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-66.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-67.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-68.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-69.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-7.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-70.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-71.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-72.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-73.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-74.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-75.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-76.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-77.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-78.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-79.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-8.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-80.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-81.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-82.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-83.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-84.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-85.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-86.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-87.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-89.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-9.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-90.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-91.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-92.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-93.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-94.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-95.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-96.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-97.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-98.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-99.exe
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Startup
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\2b3fsk0h.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\bln02nqv.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\gah95on6.exe
HJT log,
Logfile of HijackThis v1.99.1
Scan saved at 10:49:09 AM, on 3/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB6D365-F41F-4271-83CF-2ABB9A0DA294}: NameServer = 204.255.24.254 204.255.24.251
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Gracias Amigo ;)
  • 0
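The ActiveScan report above is a flat text dump: one detection per line, "Category:Family Status Path", with "No disinfected" marking everything the scanner left in place. As an added example, not part of Panda ActiveScan and not code from this thread, the script below parses that format, tallies leftovers per family, and folds numbered file series (the NDNuninstall6_38-N.exe run, the ~NNNNNN.tmp files) into one wildcard per directory, which is the shape a helper would use when writing the removal instruction. The excerpt it runs on is constructed from lines quoted in the report above; note that one line ("MyDailyHoroscopeNo disinfected") has the family and status run together, which the parser handles. Field and function names are this example's own.

```python
"""Parse a Panda ActiveScan text report and summarise what it found.

Added example for this thread; not part of ActiveScan or of anything
posted here. The report excerpt below is constructed from lines quoted
in the thread, and the field names are this example's own.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

# One record: "<Category>:<Family> <Status> <Path>". Some families run into
# the status with no separating space ("...MyDailyHoroscopeNo disinfected"),
# so the family is matched lazily up to the first recognised status phrase.
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<family>\S+?)\s*"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)


@dataclass
class Detection:
    category: str   # Adware, Spyware, Virus, ...
    family: str     # e.g. Spyware/New.net
    status: str     # "Disinfected" or "No disinfected"
    path: str

    @property
    def cleaned(self) -> bool:
        return self.status == "Disinfected"


def parse_activescan(text: str) -> List[Detection]:
    """Skip the header and anything else that is not a detection record."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Detection(**m.groupdict()))
    return out


def summarize(dets: List[Detection]) -> Counter:
    """Count detections per (family, status) so the leftovers stand out."""
    return Counter((d.family, d.status) for d in dets)


def collapse_series(dets: List[Detection], min_count: int = 2) -> Dict[str, int]:
    """Fold numbered file series into one wildcard pattern per directory.

    NDNuninstall6_38-1.exe, -2.exe, ... in one folder become a single
    NDNuninstall6_38-*.exe entry with the number of files it covers.
    """
    groups = defaultdict(list)
    for d in dets:
        directory, _, name = d.path.rpartition("\\")
        # replace the run of digits immediately before the extension
        pattern = re.sub(r"\d+(?=\.[^.\\]*$)", "*", name)
        if pattern != name:
            groups[f"{directory}\\{pattern}"].append(d.path)
    return {p: len(v) for p, v in groups.items() if len(v) >= min_count}


# Constructed excerpt, built from lines quoted in the report above.
SAMPLE_REPORT = r"""Incident Status Location

Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/MyDailyHoroscopeNo disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\II92.tmp
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\THI5E4.tmp\polall1r.inf
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-1.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-2.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-3.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~3310.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sonia\Local Settings\Temp\~5110.tmp
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\bar.exe
"""

if __name__ == "__main__":
    dets = parse_activescan(SAMPLE_REPORT)
    for (family, status), n in sorted(summarize(dets).items()):
        print(f"{n:3d}  {status:15s} {family}")
    print("series to remove by wildcard:")
    for pattern, n in collapse_series(dets).items():
        print(f"  {pattern}  ({n} files)")
```

Only the Trj/Downloader.GK entry comes back as cleaned in the excerpt; everything else is "No disinfected" and therefore still on disk, which is why the follow-up in a thread like this is a manual delete pass in safe mode rather than another scan.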

#9
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Billy, I need you to reboot to safe mode and search for and delete the files found by Active scan.
The folders highlighted in red need to be removed, along with the files in bold.

Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\UpdMgr
Adware:Adware/WinTools No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/Minibug.A No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/KeenValue No disinfected C:\Program Files\IncrediFind\BHO\IncFindBHO170.dll
Adware:Adware/WildTangent No disinfected C:\Program Files\WildTangent\Apps\WebDriverInstall.exe
Adware:Adware/WUpd No disinfected C:\win.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\70tovmto.exe
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\bar.exe

It is likely that when you kill NDNuninstall*.exe the rest of these will go; if not, you will have to search for them all.


Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-1.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-10.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-11.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-12.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-13.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-14.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-15.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-16.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-17.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-18.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-19.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-2.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-20.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-21.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-22.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-23.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-24.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-25.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-26.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-27.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-28.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-29.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-3.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-30.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-31.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-32.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-33.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-34.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-35.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-36.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-37.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-38.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-39.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-4.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-40.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-41.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-42.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-43.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-44.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-45.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-46.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-47.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-48.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-49.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-5.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-50.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-51.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-52.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-53.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-54.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-55.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-56.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-57.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-58.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-59.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-6.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-60.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-61.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-62.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-63.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-64.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-65.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-66.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-67.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-68.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-69.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-7.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-70.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-71.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-72.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-73.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-74.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-75.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-76.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-77.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-78.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-79.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-8.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-80.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-81.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-82.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-83.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-84.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-85.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-86.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-87.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-89.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-9.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-90.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-91.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-92.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-93.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-94.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-95.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-96.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-97.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-98.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-99.exe
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Startup
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\2b3fsk0h.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\bln02nqv.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\gah95on6.exe


Rescan with ActiveScan and let us know what it finds, please.

#10 billyd (Topic Starter, Member, 63 posts)
Hi Don,
Looks like I have some work to do, just to be safe. My question is: go to the C drive in safe mode and look for folders? I know you said files, not sure how to find them. I just checked My Computer, C drive, and looked around in various folders and did not see any of the items highlighted. So if you could help me out on how and where to look, I'll get right on it.
Thanks for checking back with me so fast.
Billyd :tazz:

#11 don77 (Malware Expert, Retired Staff, 18,526 posts)
Go to Start > Search > Files/Folders. In the Search for Files or Folders box, type in, or better yet copy and paste, the file name from the list. Be sure you are checking C:. Click Search Now.
For some of the files, those highlighted in red, you should see it is found in a folder; delete that folder, and only those I have highlighted in red.
For the files, same process.
Hope that helps.

#12 billyd (Topic Starter, Member, 63 posts)
Hi Don,
The weary pilgrim has done most of what you asked. A few of the items did not show up on file search, but as you can see from the log Panda found them! In the meantime I will go back and try to find them again. The scan is down from the 130 or so items to 19, I think. I also ran cleaner (Cleanup) and emptied the Bin. Question: as I deleted some of the files they would show up in the dialogue box as being in the recycle bin, while I was emptying the bin as I went along. I guess when I reboot in a few I will see if they show up and try again. msbb* showed up as msbbs*; it's not exactly the same so I did not delete.
Here are the logs, my friend
Logfile of HijackThis v1.99.1
Scan saved at 10:46:35 PM, on 3/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB6D365-F41F-4271-83CF-2ABB9A0DA294}: NameServer = 204.255.24.254 204.255.24.251
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Incident Status Location

Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/KeenValue No disinfected C:\Program Files\IncrediFind
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-213.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-190950-443.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-489.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-925.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-194552-235.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-201250-901.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-440.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-918.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050322-082003-526.dll
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Startup
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\2b3fsk0h.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\bln02nqv.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\gah95on6.exe
Many thanks,
Billyd :tazz:

#13 billyd (Topic Starter, Member, 63 posts)
Hi Don, ;) Dead tired. Went through it all again. I was able to finally look in hidden files (dummy me), but I'll cop to being tired (ha)! Got 2b3fsk0h.dll, bln02nqv.exe, gah95on6.exe, but as you can see from Panda there is still stuff there; where the h... it is I can only guess?
Did scans again, so forget last post. And here is the dirty....
Incident Status Location

Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected Windows Registry
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-213.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-190950-443.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-489.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-925.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-194552-235.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-201250-901.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-440.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-918.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050322-082003-526.dll
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Start
Logfile of HijackThis v1.99.1
Scan saved at 1:12:33 AM, on 3/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB6D365-F41F-4271-83CF-2ABB9A0DA294}: NameServer = 204.255.24.254 204.255.24.251
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
:tazz:

#14 don77 (Malware Expert, Retired Staff, 18,526 posts)
Hi Billy, great job!!

You have actually rid yourself of most of this crap quite nicely.
A few more to go:

Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected Windows Registry
C:\WINDOWS\pss\Search.vbsCommon Start


This should make you feel a little better: the following are backups to HJT.

Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-213.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-190950-443.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-489.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-193223-925.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-194552-235.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-201250-901.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-440.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-204027-918.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050322-082003-526.dll
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Start

You can actually clear out your backups in HJT, then run another scan with ActiveScan and let's see what it comes back with.
Just have to clean up a bit in the registry to clean up a couple of items.
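An added example, not from anyone in this thread: a small Python triage of a Panda ActiveScan report in the format pasted above. It does what Don's two replies do by hand, separating HijackThis' own backup copies and registry-only hits from the files still worth pasting into Start > Search. The sample report is constructed from a few of the lines in this thread; the category names and helper names are mine.

```python
"""Triage a Panda ActiveScan incident report of the kind pasted in this thread.

Every incident line on the page has the shape
    <Type>:<Family> <Status> <Location>
with the two-word status "No disinfected". Locations may be a file path,
a wildcard pattern (msbb*), or the literal "Windows Registry".
"""
import re
from typing import Dict, List

# Constructed sample: a few lines copied in shape from the reports in this thread.
SAMPLE_REPORT = r"""Incident Status Location

Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected Windows Registry
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-213.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Billy.CAMILA\Desktop\hijackthis\backups\backup-20050321-185342-364.dll
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-2.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38-3.exe
Adware:Adware/SearchWWW No disinfected C:\WINDOWS\pss\Search.vbsCommon Startup
"""

# "No disinfected" is two words, so it is tried before the one-token fallback.
LINE_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+):(?P<family>\S+)\s+"
    r"(?P<status>No disinfected|\S+)\s+"
    r"(?P<location>.+?)\s*$"
)


def categorize(location: str) -> str:
    """Sort a location by what the helper has to do about it."""
    low = location.lower()
    if low == "windows registry":
        return "registry"      # nothing on disk to search for; registry cleanup instead
    if "\\hijackthis\\backups\\" in low:
        return "hjt_backup"    # HijackThis' own saved copies of items already fixed
    if "*" in location:
        return "wildcard"      # the scanner reported a pattern, not one file
    return "file"


class Incident:
    def __init__(self, kind: str, family: str, status: str, location: str):
        self.kind = kind
        self.family = family
        self.status = status
        self.location = location
        self.category = categorize(location)


def parse_report(text: str) -> List[Incident]:
    """Parse incident lines; the header line and blank lines never match and are skipped."""
    incidents = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            incidents.append(Incident(m["kind"], m["family"], m["status"], m["location"]))
    return incidents


def summarize(incidents: List[Incident]) -> Dict[str, Dict[str, int]]:
    """category -> family -> number of hits."""
    summary: Dict[str, Dict[str, int]] = {}
    for inc in incidents:
        fam = summary.setdefault(inc.category, {})
        fam[inc.family] = fam.get(inc.family, 0) + 1
    return summary


def search_names(incidents: List[Incident]) -> List[str]:
    """Basenames worth pasting into Start > Search: live files and patterns only."""
    names = {inc.location.rsplit("\\", 1)[-1]
             for inc in incidents if inc.category in ("file", "wildcard")}
    return sorted(names)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for category, families in sorted(summarize(found).items()):
        print(category, families)
    print("search for:", search_names(found))
```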

#15 billyd (Topic Starter, Member, 63 posts)
Good morning, Beantown Don, :tazz:
I did get the WildTangent before I went to bed last night (noticed the different way the capitals were). But I can not find the last 3 anywhere; any suggestions on how to go about looking for the VIPERS? Another related question: as I watch these scans, even though they move so fast... I see stuff like AvenueAInc, Bargain Buddy, Gator, to name 3 that are familiar to me. I went looking while in safe mode and see a whole host of these things zipped up and still on the machine. So the question is: do I ZAP them?
Please get back to me, and thanks for sticking by me for this.
Billyd ;)