Edited by Matt @1230, 20 August 2005 - 09:20 AM.
Computer gets slower and slower [CLOSED]
Started by
Matt @1230
, Aug 17 2005 02:54 PM
#1
Posted 17 August 2005 - 02:54 PM
#2
Posted 17 August 2005 - 03:40 PM
Hi Matt @1230 and welcome to Geeks to Go
Please go to this link and do as instructed.
http://www.geekstogo...?showtopic=2852
After that please post a hijack log for me to see.
Please go to this link and do as instructed.
http://www.geekstogo...?showtopic=2852
After that please post a hijack log for me to see.
#3
Posted 20 August 2005 - 09:18 AM
here it is
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
A:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
A:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
#4
Posted 20 August 2005 - 02:04 PM
Hi Matt
You missed a very important portion if the log, can you rescan and send again please.
You missed a very important portion if the log, can you rescan and send again please.
#5
Posted 20 August 2005 - 06:10 PM
here it is
Logfile of HijackThis v1.99.1
Scan saved at 11:11:54 AM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
A:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:11:54 AM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
A:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
#6
Posted 20 August 2005 - 08:10 PM
Thank's Matt for the update
This is what comes next please.
Please download ewido security suite it is a free version of the program.
ewido manual updates
Once the updates are installed do the following:
Once this is done please send the ewido results and a new hijack log please.
This is what comes next please.
Please download ewido security suite it is a free version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
ewido manual updates
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
Once this is done please send the ewido results and a new hijack log please.
#7
Posted 21 August 2005 - 02:06 PM
my computer is still very slow
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:58:17 PM, 8/21/2005
+ Report-Checksum: 3E6F9141
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net\contextplus -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net\contextplus\adchannel.contextplus.net/services/AdChannelServer -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Xhit : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate0\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\down.cab/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\down.cab/WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5INW9MB\bridge-c8[1].cab/MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019411.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019412.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019413.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019415.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019417.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019418.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019420.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019421.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019422.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051011.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051012.exe -> Spyware.MediaPass : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051013.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
::Report End
and
Logfile of HijackThis v1.99.1
Scan saved at 4:05:56 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5INW9MB\HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:58:17 PM, 8/21/2005
+ Report-Checksum: 3E6F9141
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net\contextplus -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-45758197-1180395095-3134616843-1003\Software\Apropos\Client\Cookies\Data\net\contextplus\adchannel.contextplus.net/services/AdChannelServer -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Xhit : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate0\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\down.cab/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\down.cab/WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5INW9MB\bridge-c8[1].cab/MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019410.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019411.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019412.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019413.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019415.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019417.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019418.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019420.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019421.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP154\A0019422.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051011.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051012.exe -> Spyware.MediaPass : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP219\A0051013.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
::Report End
and
Logfile of HijackThis v1.99.1
Scan saved at 4:05:56 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5INW9MB\HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [43mR34l] dsqip32.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [L055RQJpl] ds1ntcls.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105994133874
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
#8
Posted 22 August 2005 - 08:30 PM
Hi Matt
We have'nt done alot just yet so thats why things don't seem to be progressing. So with that comes the next step.
Firstly we have to move that hijack log into a safer location, so we do that first.
Double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
Minimize the zipfolder, and go to My Computer. Double-click on C:/, then double-click on Program Files.
In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.
Call this folder HijackThis. Double-click to open this – new – folder.
Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.
Ok now thats done, this step comes next.
Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.
Step 2:
Updating the eScan Antivirus Toolkit with the latest files:
1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky.)
2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.
3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", click any key to close the screen.
Please do not run a scan with the eScan Antivirus Toolkit utility yet.
Step 3:
Please reboot into Safe Mode. Detailed instructions on how to boot into Safe Mode Here.
Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:
1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.
2.) Double-click on the mwavscan.com file; this will open the eScan program.
3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.
4.) Check the Drive box, this will give you access to the other Drive box (radio button) below it, check this second Drive box as well, now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.
5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.
6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.
7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed.
Reboot your computer into normal Windows.
We have'nt done alot just yet so thats why things don't seem to be progressing. So with that comes the next step.
Firstly we have to move that hijack log into a safer location, so we do that first.
Double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination “Ctrl + C”.
Minimize the zipfolder, and go to My Computer. Double-click on C:/, then double-click on Program Files.
In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.
Call this folder HijackThis. Double-click to open this – new – folder.
Now use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.
Ok now thats done, this step comes next.
Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.
Step 2:
Updating the eScan Antivirus Toolkit with the latest files:
1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky.)
2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.
3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", click any key to close the screen.
Please do not run a scan with the eScan Antivirus Toolkit utility yet.
Step 3:
Please reboot into Safe Mode. Detailed instructions on how to boot into Safe Mode Here.
Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:
1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.
2.) Double-click on the mwavscan.com file; this will open the eScan program.
3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.
4.) Check the Drive box, this will give you access to the other Drive box (radio button) below it, check this second Drive box as well, now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.
5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.
6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.
7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed.
Reboot your computer into normal Windows.
#9
Posted 29 August 2005 - 06:18 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users