Geeks To Go preps listed have been followed prior to post. Information results have been posted below. THANK YOU!
Ad Ware: 221,00 modules scanned no critical infections found
CWSShredder: 1 found and removed (vx2.Look2Me)
Spybot1.4: Immunized against 6661 bad products found no problems to fix.
Spybot DSO: 11 problems found and fixed
Abetterinternet 1 entry
AproposMedia 1 entry
CoolWWWsearch 1 entry
Exact Advertising.BarginsBuddy 1 entry
HotsearchBar 1 entry
SexList 1 entry
SpyHunter 1 entry
Web-Nexus 2 entries
Windows Security Center.AntiVirusOverride
Windows Security Center.FirewallOverride
Ewido: Infected objects found - 32
BarginBuddy
BetterInternet
TrojanDropper.Agent.pb
TrojanDownloader.Qoologic.x
TrojanDownloader.Qoologic.n
TrojanDownloader.Qoologic.p
Look2Me
SafeSurfing
HotSearchBar
Hijackthis Log
Logfile of HijackThis v1.99.1
Scan saved at 11:53:05 AM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\U3VzYW4A\command.exe
F:\WINDOWS\system32\CTSvcCDA.EXE
F:\Program Files\NavNT\defwatch.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\WINDOWS\system32\cba\pds.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINDOWS\cnevsvc.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\WINDOWS\system32\cba\xfr.exe
F:\WINDOWS\system32\MsgSys.EXE
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\NavNT\vptray.exe
F:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\fyyaenc.EXE
F:\Program Files\GhostSurf 2005\DeleteSatellite.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\TrojanHunter 4.2\THGuard.exe
F:\Program Files\orsr\mtts.exe
F:\WINDOWS\system32\l?[bleep].exe
F:\Program Files\GhostSurf 2005\Scheduler daemon.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Verizon Online\bin\mpbtn.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Susan\My Documents\SpywareKill\hijackthis\HijackThis.exe
F:\WINDOWS\SoftwareDistribution\Download\91e37ce47e8587128bd714d9a2d1d8d2\update\update.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01D34265-D186-FC79-D71C-A81851F390CA} - F:\WINDOWS\system32\jzbsbm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - F:\WINDOWS\system32\jzcccqao.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MegaPanel] F:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [fyyaenc] F:\WINDOWS\fyyaenc.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "F:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "F:\Program Files\GhostSurf 2005\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Microsoft Works Update Detection] F:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Ltor] F:\Program Files\orsr\mtts.exe
O4 - HKCU\..\Run: [Tpfa] F:\WINDOWS\system32\l?[bleep].exe
O4 - HKCU\..\Run: [LoopRfZES] hneecr40.exe
O4 - Startup: Protector.lnk = F:\Program Files\GhostSurf 2005\Protector.exe
O4 - Startup: Scheduler.lnk = F:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: GhostSurf proxy.lnk = F:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Verizon Online Support Center.lnk = F:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Define - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - F:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....TestScanner.ocx
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097961956704
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\U3VzYW4A\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel File Transfer - Intel® Corporation - F:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - F:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows VisFx Components - Unknown owner - F:\WINDOWS\cnevsvc.exe
Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:50:00 PM, 8/13/2005
+ Report-Checksum: 4A1E3A3E
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1214440339-1677128483-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1214440339-1677128483-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1214440339-1677128483-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Corey\Local Settings\Temp\Temporary Internet Files\Content.IE5\EBKDUXSZ\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
F:\Documents and Settings\Corey\Local Settings\Temporary Internet Files\Content.IE5\OP25850X\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\3JDV314W\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\4FQBI8GQ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\GLQ3OXA7\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\IXZOTCNM\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\PD0IN63A\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\PD0IN63A\recinst[1].exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\RVM4QBE1\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\W5IVO52Z\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Content.IE5\YZI12ZMN\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
F:\WINDOWS\system32\cvrsrv.dll -> Spyware.Look2Me : Cleaned with backup
F:\WINDOWS\system32\dqxooaq.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
F:\WINDOWS\system32\ekrbb.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
F:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
F:\WINDOWS\system32\jzcccqao.dll -> Spyware.SafeSurfing : Cleaned with backup
F:\WINDOWS\system32\kwallsw.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
F:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
F:\WINDOWS\system32\nsz73.dll -> Spyware.HotSearchBar : Cleaned with backup
F:\WINDOWS\system32\plqoon.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
F:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
F:\WINDOWS\system32\wygvv.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
F:\WINDOWS\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
::Report End