Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Spring Cleaning

Started by lickalot , Apr 23 2005 06:37 PM

This topic is locked

#1
lickalot

Posted 23 April 2005 - 06:37 PM

New Member

Member
6 posts

Hi I followed complete directions in the newbie forums and removed alot of evil sh!t from my machine, very excellent and descriptive directions. I just want to make sure the log looks ok now before I install SP2. Thank you for this wonderfull site you guys and/or gals rock!
Heres my newest log.

Logfile of HijackThis v1.99.1
Scan saved at 5:33:50 PM, on 4/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mwxlyytwcqgf] C:\WINDOWS\System32\uzeulx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - AppInit_DLLs: sx8foymt6u6dim.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#2
Kat

Posted 27 April 2005 - 08:57 PM

Retired

Retired Staff
19,711 posts

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

As soon as you have done this, I will be happy to take a look at your log! :tazz:

#3
lickalot

Posted 30 April 2005 - 08:19 PM

New Member

Topic Starter
Member
6 posts

ok now i have a problem, sp1a installed ok but took forever. now i cant get any applications to start including hijack this, or firefox, or any other basic programs, I was able to get IE to run luckily. i get ALOT of popups and task manager lists pop64 as a running app and that 100% of my memory is being used by gcasDtServ.exe which i believe is a microsoft antispyware file. any ideas? it seems to be very badly infected.

#4
Kat

Posted 30 April 2005 - 09:58 PM

Retired

Retired Staff
19,711 posts

Since you have IE working please go to http://www.howtotell.com (MS website) and click on "Windows Validation Assistant" - Let me know what it tells you after you fill it out! :tazz:

#5
lickalot

Posted 02 May 2005 - 09:25 PM

New Member

Topic Starter
Member
6 posts

ok i was finally able to disable and uninstall microsoft antispyware... what a mess. anyhow the computer is functioning now. heres the new log after installing SP1a. thank you for your time it is enormously appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 8:21:05 PM, on 5/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\WINDOWS\seeve.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [dsbkxij] c:\windows\system32\hmlkmf.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#6
Kat

Posted 03 May 2005 - 02:06 AM

Retired

Retired Staff
19,711 posts

we're going to tackle this in a couple of steps, ok?

Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode.
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Open HijackThis
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

There will also be an item towards the bottom of the O4 section in HijackThis (it should be the last O4 item marked "HKLM", and it should be between the entries for O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe and O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl). This item will be marked with "garbage" random characters. However, it seems to be renaming itself so the name will most likely be different by the time you follow these directions. In your previous log it was:

O4 - HKLM\..\Run: [dsbkxij] c:\windows\system32\hmlkmf.exe

Whatever the name of the item is, check it. Then close all open windows except for HijackThis and click Fix Checked.
Then delete the file listed in the random O4 entry. In the above example you would delete
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Restart your computer

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, than copy the log. Past it to a blank Notepad file and save it to post here.
Than let it rerun. Save that log too.

Post back here with a fresh log using HijackThis and both of the scan results

#7
lickalot

Posted 03 May 2005 - 07:56 PM

New Member

Topic Starter
Member
6 posts

ok new logs... thank you for your time

Logfile of HijackThis v1.99.1
Scan saved at 6:52:01 PM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Spyware [bleep]\security suite\ewidoctrl.exe
C:\Spyware [bleep]\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\WINDOWS\seeve.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Spyware [bleep]\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Spyware [bleep]\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:39:33 PM, 5/3/2005
+ Report-Checksum: 17B166D7

+ Date of database: 5/4/2005
+ Version of scan engine: v3.0

+ Duration: 26 min
+ Scanned Files: 80355
+ Speed: 50.94 Files/Second
+ Infected files: 50
+ Removed files: 48
+ Files put in quarantine: 48
+ Files that could not be opened: 0
+ Files that could not be cleaned: 2

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022019.dll -> TrojanDownloader.Small.amg -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022169.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022171.exe -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0023024.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025028.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025030.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025032.EXE -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025033.DLL -> Spyware.DelphinMedia.f -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025058.exe -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026024.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026041.exe -> Spyware.WebRebates.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026042.exe -> Spyware.TopRebates.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026045.DLL -> Spyware.WebSearch.ae -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026059.DLL -> Spyware.Toolbar -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026060.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026062.dll -> Spyware.EliteBar.z -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026063.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026067.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026068.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026113.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0027157.exe -> Spyware.WebSpecial.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030300.ocx -> Spyware.DelphinMediaViewer.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030301.exe -> TrojanDropper.Small.gt -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030302.exe -> TrojanDownloader.Agent.am -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031380.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031453.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031653.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031657.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031658.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031659.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031671.EXE -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\WINDOWS\SYSTEM32\sg.exe/03kd97fg.exe -> TrojanDropper.Small.gt -> Error during cleaning
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Spyware.EZula.ah -> Cleaned with backup
C:\WINDOWS\__delete_on_reboot__Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Local Settings\Temporary Internet Files\Content.IE5\2RGTID2R\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\backups\backup-20050503-170149-795.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@clickagents[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@valueclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Ben Dover\Cookies\ben dover@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030299.exe -> TrojanDownloader.Swizzor.au -> Cleaned with backup

::Report End

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:49:55 PM, 5/3/2005
+ Report-Checksum: 8F48D032

+ Date of database: 5/4/2005
+ Version of scan engine: v3.0

+ Duration: 43 min
+ Scanned Files: 80731
+ Speed: 31.29 Files/Second
+ Infected files: 4
+ Removed files: 4
+ Files put in quarantine: 4
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031680.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\sg.exe/03kd97fg.exe -> TrojanDropper.Small.gt -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

::Report End

#8
Kat

Posted 03 May 2005 - 10:32 PM

Retired

Retired Staff
19,711 posts

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

System Startup Service

or

SvcProc

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SvcProc
Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\Nail.exe
C:\WINDOWS\seeve.exe
c:\wp.exe
C:\Documents and Settings\Ben Dover\Application Data\brta.exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\WINDOWS\System32\??curity\taskmgr.exe <<Note the ??'s in the file name. ONLY delete the file with the ??'s
C:\Program Files\Plextor\PlexTool.exe

reboot normally and post a fresh HJT log here for review. There may be another step or two to take, but we're getting there! :tazz:

#9
lickalot

Posted 04 May 2005 - 07:57 PM

New Member

Topic Starter
Member
6 posts

ok things are looking up here! i encountered one problem in that i was not able to locate under the windows services any listings for windows startup services or SvcProc. and i did not delete the plextool.exe application as it runs in conjunction with my Plextor cdr/w drive. if it is infected i could uninstall it and reinstall it at a later time. and i was unable to find the directories with the ??? in them is there something i am not informed of here?
ok i am posting my new log thank you for being so patient :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:23 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#10
Kat

Posted 04 May 2005 - 08:25 PM

Retired

Retired Staff
19,711 posts

How are things running now? That's a clean log! :tazz:

The files sometimes aren't found b/c HJT deletes them. We just ask you to look to be sure. As far as the Plexor, I'm sorry about that. That was a bad copy/paste on my part.

Let me know how things are now!

#11
lickalot

Posted 05 May 2005 - 09:04 PM

New Member

Topic Starter
Member
6 posts

very nice! now i am ready for sp2 i think....
thank you so much for the help!

#12
Kat

Posted 05 May 2005 - 09:22 PM

Retired

Retired Staff
19,711 posts

yes please DO get SP2 installed!

Congratulations! :tazz:

Your log is clean!

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Prevention Programs:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.