Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

aurora popups hijack log included [RESOLVED]

Started by Gwenny3 , Jun 05 2005 01:48 PM

This topic is locked

#1
Gwenny3

Posted 05 June 2005 - 01:48 PM

New Member

Member
4 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:47:18 PM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\cyyndq.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [ATTRedUpate] C:\Program Files\Common Files\Mediacom\MigCfg\Programs\AutoUpdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [vwhkun] c:\windows\system32\cyyndq.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O9 - Extra button: (no name) - {4DA9874E-FDA9-4D75-A57B-189F8EC5D0B1} - (no file) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc....ader/isetup.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.picture...ver.1.0.2.5.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwai...bcam/camera.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra....svh/svideo3.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai....com/brxpdf5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
therock247uk

Posted 05 June 2005 - 02:17 PM

Expert

Expert
14,672 posts

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3
Gwenny3

Posted 05 June 2005 - 06:00 PM

New Member

Topic Starter
Member
4 posts

Thanks so much for your quick response. I think I followed everything correctly; I didn't 'clean' while the ewido scan was running, I wasn't sure if I was supposed to. Thanks again. Gwen

Here is the ewido scan ran while in safe mode:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:48:30 PM, 6/5/2005
+ Report-Checksum: 24ACD6FF

+ Date of database: 6/5/2005
+ Version of scan engine: v3.0

+ Duration: 153 min
+ Scanned Files: 121784
+ Speed: 13.23 Files/Second
+ Infected files: 269
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> Spyware.Tracking-Cookie -> Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\OFR\aurareco.exe -> Spyware.BetterInternet -> Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\WKY\aurareco.exe -> Spyware.BetterInternet -> Ignored
C:\RECYCLER\NPROTECT\00124005.exe -> TrojanDownloader.Dyfuca.dx -> Ignored
C:\RECYCLER\NPROTECT\00124008.exe -> Spyware.180solutions -> Ignored
C:\RECYCLER\NPROTECT\00124009.dll -> TrojanDownloader.Dyfuca -> Ignored
C:\RECYCLER\NPROTECT\00124010.vxd -> Spyware.MediaPass -> Ignored
C:\RECYCLER\NPROTECT\00124022.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00124059.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00124081.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00124114.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00124148.exe -> Spyware.BetterInternet.f -> Ignored
C:\RECYCLER\NPROTECT\00124247.DLL -> Trojan.Agent.db -> Ignored
C:\RECYCLER\NPROTECT\00125903.exe -> Trojan.Imiserv.c -> Ignored
C:\RECYCLER\NPROTECT\00126256.EXE -> Spyware.BetterInternet -> Ignored
C:\RECYCLER\NPROTECT\00127813.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00127814.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00127815.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00127947.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00127991.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128167.EXE -> Spyware.NewDotNet -> Ignored
C:\RECYCLER\NPROTECT\00128190.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128201.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128204.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128329.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128336.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128339.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128341.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128343.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128347.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128350.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128352.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128354.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128358.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128366.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128413.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128431.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128435.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128437.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128440.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128446.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128450.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128451.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128453.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128486.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128504.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128514.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128520.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128678.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128682.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128686.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128689.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128693.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128695.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128697.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128699.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128702.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128703.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128707.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128708.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128711.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128712.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128718.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128736.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128737.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128744.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128751.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128755.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128758.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128767.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128770.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128773.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128777.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128801.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128807.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128810.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128813.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128818.exe -> Trojan.Agent.cp -> Ignored
C:\RECYCLER\NPROTECT\00128823.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1123\A0100251.exe -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1123\A0100252.exe -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1123\A0100253.exe -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1123\A0100254.srg -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1125\A0100322.exe -> TrojanDownloader.Dyfuca.dx -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1125\A0100326.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1129\A0100541.EXE -> TrojanDownloader.Dyfuca.dx -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1129\A0100573.EXE -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1129\A0100592.DLL -> Spyware.SAHA -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1141\A0101170.exe -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1141\A0101171.dll -> Spyware.Apropos.e -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1141\A0101186.exe -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1149\A0101484.exe -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1150\A0101556.DLL -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1150\A0101558.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1150\A0101559.EXE -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1151\A0101621.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1153\A0101733.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1155\A0101829.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1155\A0101838.dll -> Spyware.Apropos.e -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1155\A0101839.DLL -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1155\A0101841.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1155\A0101842.EXE -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1156\A0101858.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1157\A0101988.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1157\A0101990.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1157\A0101993.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1160\A0102082.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1162\A0102129.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1165\A0102240.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1165\A0102242.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1166\A0102330.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1166\A0102333.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1166\A0102351.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1166\A0102354.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1166\A0102374.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102696.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102698.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102701.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102985.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102993.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0102996.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0103040.exe -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1167\A0103041.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1168\A0103094.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1168\A0103095.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1171\A0103132.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1172\A0103213.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103408.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103409.scr -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103410.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103411.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103412.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103413.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103414.scr -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103415.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103416.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103417.scr -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103418.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103419.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1173\A0103420.exe -> Worm.SpyBot -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1175\A0104423.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104455.VXD -> Spyware.MediaPass -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104508.vxd -> Spyware.MediaPass -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/exdl.exe -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.Exact -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy.q -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy.q -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/bbchk.exe -> Spyware.Bargainbuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/msexreg.exe -> Spyware.Bargainbuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104516.VXD/C:/WINDOWS/system32/exclean.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104522.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104523.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1176\A0104527.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1189\A0106288.exe -> Spyware.Apropos.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1191\A0106567.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1191\A0106569.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1191\A0106573.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1191\A0106574.EXE -> Spyware.Apropos -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1195\A0106757.dll -> TrojanDownloader.Apropo.w -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1195\A0106758.exe -> TrojanDownloader.Apropo.r -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1195\A0106762.DLL -> Spyware.Apropos.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1199\A0108389.exe -> Spyware.WinAD.k -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1217\A0109131.dll -> Spyware.BargainBuddy.n -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1217\A0109170.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1217\A0109171.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1217\A0109183.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1217\A0109185.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109207.exe -> TrojanDownloader.Intexp.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109295.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109296.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109297.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109299.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109340.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109349.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109350.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109386.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1218\A0109387.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109389.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109397.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109400.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109401.dll -> Spyware.BargainBuddy.n -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109402.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109420.dll -> Spyware.BargainBuddy.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109424.exe -> Spyware.CashBack.b -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109425.exe -> Spyware.CashBack.d -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109428.exe -> Spyware.Bargainbuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109429.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109430.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109442.vxd -> Spyware.MediaPass -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109467.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109468.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1219\A0109469.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1220\A0109479.exe -> TrojanDownloader.Intexp.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1220\A0109482.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109491.dll -> Spyware.BargainBuddy.i -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109492.exe -> TrojanDownloader.Dyfuca.dx -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109519.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109521.exe -> Spyware.CashBack.b -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109522.exe -> Spyware.CashBack.d -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109523.exe -> Spyware.Bargainbuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109524.exe -> Spyware.BargainBuddy -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109525.exe -> TrojanDownloader.Adload.a -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109527.vxd -> Spyware.MediaPass -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109528.EXE -> Spyware.WinAD.am -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109529.exe -> TrojanDownloader.Dyfuca.dx -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109530.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109531.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109532.dll -> Spyware.180Solutions -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109549.DLL -> Spyware.WinAD -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109562.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109571.DLL -> Spyware.BargainBuddy.n -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109629.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109714.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109723.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109724.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109725.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109726.exe -> Spyware.BetterInternet.f -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109852.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109854.dll -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109855.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109962.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109964.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109965.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109967.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1221\A0109970.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1222\A0110059.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1223\A0110074.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1223\A0110136.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1223\A0110137.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1223\A0110162.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1224\A0110165.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110166.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110169.dll -> Spyware.NewDotNet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110178.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110179.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110181.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110212.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110213.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110219.exe -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110229.dll -> Spyware.WebSearch.aj -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110230.exe -> Spyware.Wintol.y -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110242.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110243.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110244.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110246.exe -> Trojan.Imiserv.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110247.DLL -> Trojan.Agent.db -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110253.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1225\A0110254.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110259.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110262.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110263.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110286.exe -> Spyware.BetterInternet -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110298.exe -> Trojan.Agent.cp -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110323.exe -> Trojan.Nail -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110324.exe -> Trojan.Stervis.c -> Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1226\A0110325.dll -> Trojan.Agent.db -> Ignored
C:\WINDOWS\Downloaded Program Files\actsetup.dll -> Trojan.Small.i -> Ignored
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD -> Ignored
C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll -> TrojanDownloader.QDown.s -> Ignored
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet -> Ignored
C:\WINDOWS\SYSTEM32\giegbg.exe -> Trojan.Agent.cp -> Ignored
C:\WINDOWS\SYSTEM32\mseggo.gif -> TrojanSpy.Delf.dx -> Ignored
C:\WINDOWS\SYSTEM32\msxct.exe -> Spyware.BargainBuddy -> Ignored
C:\WINDOWS\SYSTEM32\ojmkxjw.exe -> Trojan.Agent.cp -> Ignored
C:\WINDOWS\SYSTEM32\webwseui.exe -> Spyware.Apropos.i -> Ignored
C:\WINDOWS\ukkdmgimim.exe -> Spyware.BetterInternet -> Ignored
C:\WINDOWS\wfakivk.exe -> Spyware.BetterInternet.c -> Ignored
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Ignored

::Report End

Here is the hijack this scan ran after restarting:
Logfile of HijackThis v1.99.1
Scan saved at 6:56:11 PM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [ATTRedUpate] C:\Program Files\Common Files\Mediacom\MigCfg\Programs\AutoUpdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O9 - Extra button: (no name) - {4DA9874E-FDA9-4D75-A57B-189F8EC5D0B1} - (no file) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc....ader/isetup.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.picture...ver.1.0.2.5.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwai...bcam/camera.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra....svh/svideo3.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai....com/brxpdf5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
therock247uk

Posted 05 June 2005 - 06:10 PM

Expert

Expert
14,672 posts

You should of asked Ewido to clean

1. Go to Start > Settings > Add/Remove and uninstall the following.

Viewpoint Manager

2. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

3. Then post a new Hijackthis log here in a reply.

#5
Gwenny3

Posted 05 June 2005 - 08:03 PM

New Member

Topic Starter
Member
4 posts

here's the new hijackthis log. I assume I should redo the ewido thing in safe mode and clean this time? thanks again for your help. Gwen

Logfile of HijackThis v1.99.1
Scan saved at 9:02:46 PM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [ATTRedUpate] C:\Program Files\Common Files\Mediacom\MigCfg\Programs\AutoUpdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O9 - Extra button: (no name) - {4DA9874E-FDA9-4D75-A57B-189F8EC5D0B1} - (no file) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc....ader/isetup.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.picture...ver.1.0.2.5.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwai...bcam/camera.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra....svh/svideo3.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai....com/brxpdf5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
therock247uk

Posted 06 June 2005 - 07:15 AM

Expert

Expert
14,672 posts

1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab

2. Then post a new Hijackthis log here in a reply. I would also do an Ewido scan in safemode and clean just to get rid of left overs from the malware you had.

#7
Gwenny3

Posted 07 June 2005 - 05:21 AM

New Member

Topic Starter
Member
4 posts

here's the new HJT log. I'll do the ewido thing this weekend when I have more time. Thanks again for all of your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:21:51 AM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mchsi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [ATTRedUpate] C:\Program Files\Common Files\Mediacom\MigCfg\Programs\AutoUpdate.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O9 - Extra button: (no name) - {4DA9874E-FDA9-4D75-A57B-189F8EC5D0B1} - (no file) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc....ader/isetup.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.picture...ver.1.0.2.5.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwai...bcam/camera.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra....svh/svideo3.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai....com/brxpdf5.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8
therock247uk

Posted 07 June 2005 - 06:16 AM

Expert

Expert
14,672 posts

Your log is clean :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Credit to PGPhantom for canned speech.

#9
therock247uk

Posted 25 June 2005 - 07:11 PM

Expert

Expert
14,672 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.