trojan collected.5.l



#1
denB
Member, 13 posts
I can't get rid of trojan collected.5.l. I am running AVG virus protection, SpywareBlaster, and frequently use Spybot S&D. I have read through the archives, but I am concerned because you always ask for the system printout from HijackThis. I wasn't sure if you needed the specifics for my comp.
Also, I am infected and can't remove the MyLove virus. I don't know if the two are related or not. CAN YOU HELP?

#2
wannabe1
Tech Staff, Technician, 16,645 posts
denB...Welcome to G2G!

Don't worry about the printouts and logs, the malware expert who helps you will walk you through all that stuff. If you want a quick look at your system specs, download System Spec and run it. This will list your system specifications.

Please go to the Malware Forum and follow the instructions at the top... especially the Start Here at the top of the page.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty -- and you may not be -- post a HijackThis log in THAT forum.

wannabe1

Edited by wannabe1, 03 October 2005 - 08:11 PM.


#3
denB
Topic Starter, Member, 13 posts
OK, thanks for everything. I did everything on the list. I still have an infection. Here are the two logs asked for:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:10:06 AM, 10/4/2005
+ Report-Checksum: 5573B730

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1794282150-1262297579-501746260-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\Cache\E82F8C6Dd01 -> Trojan.Pakes : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Kaitlyn\Application Data\Mozilla\Firefox\Profiles\7d548zaa.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Kaitlyn\Start Menu\Programs\WhenU -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Kaitlyn\Start Menu\Programs\WhenU\Learn More About Save!.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Kaitlyn\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Kaitlyn\Start Menu\Programs\WhenU\WhenU.com Website.url -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\InetGet\Adperform180safull.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\My Love\v1r3 -> Backdoor.IRC.Mox.a : Cleaned with backup
C:\Program Files\My Love\x -> Worm.Randon.aa : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\lock1.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Spyware.RK : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Spyware.RK : Cleaned with backup
C:\WINDOWS\system32\rlvknlg.exe -> Spyware.RK : Cleaned with backup


::Report End


HERE'S THE HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 6:24:20 AM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Free Downloads Accelerator\0.999\fdaagent.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\trojanfix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...48000000&N=&O=A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP07618 Class - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\0.999\fdabar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:&
  • 0

#4
denB

denB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
My original post was in XP forum & it was moved here. Is it still being worked on? I am only asking, I know you guys are pretty busy. Thanks for all the help. You are definitely a stress reliever! :tazz:
  • 0

#5
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi DenB,

You have a lot of adware there, not to mention that AIM virus.

Please print or save these instructions on notepad for use in safe mode.

Update Ewido for latest definitions.

Open HijackThis and click Scan. Put a check next to these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.ne...48000000&N=&O=A
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: XBTP07618 Class - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll


Close all other windows except HijackThis and click Fix Checked.

Next, boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Control Panel > Add/Remove Programs and uninstall these if found:

NZSearch
Freeprod Toolbar
DNS
Updates from HP


Then delete these files and folders if found:

C:\Program Files\NZSearch
C:\Program Files\DNS
C:\Program Files\Freeprod Toolbar
C:\Program Files\My Love
C:\Program Files\Common Files\Windows
C:\Program Files\Updates from HP
C:\Program Files\Common Files\mc-62-602-0000156.exe
C:\Windows\ALCXMNTR.EXE

Next, go to Start>Run and type: cleanmgr

This will bring up the Disk Cleanup utility. Run it after putting a check next to these:

Temporary Files
Temporary Internet Files
Recycle Bin

While in safe mode, make one more scan with Ewido and save the log.

Reboot to normal mode and go here to make an online scan and save the results:

http://www.pandasoft.../activescan.htm

Then post a new HijackThis log, Ewido log and Activescan results.
  • 0
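A follow-up log is only useful once it is compared against the fix list. The sketch below is an added example, not part of any post in this thread: it parses HijackThis entries, reports which flagged entries are gone from a later log, and marks Run entries that still point into a folder listed for deletion. The sample data is a short excerpt of lines quoted in this thread; the function names are hypothetical.

```python
import ntpath
import re

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Body of an O4 registry autostart entry: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[[^\]]*\] (.+)$")

# Excerpt of the entries the helper asked to check (copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
"""

# Excerpt of the follow-up log posted after the fix (copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
"""

# Folders from the helper's delete list (excerpt).
DELETED_PATHS = [r"C:\Program Files\NZSearch", r"C:\Program Files\My Love",
                 r"C:\Program Files\DNS"]


def parse_entries(text):
    """Map a case-insensitive (section, body) key to the original log line.

    Header lines and the running-process list do not match ENTRY_RE and are skipped.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            key = (m.group(1), " ".join(m.group(2).split()).casefold())
            entries.setdefault(key, line)
    return entries


def command_path(cmd):
    """Return the executable path from a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", cmd, re.I)
    return m.group(1) if m else cmd


def is_under(path, folder):
    """True if path is folder itself or lies below it (Windows rules, any host OS)."""
    p = ntpath.normcase(ntpath.normpath(path))
    f = ntpath.normcase(ntpath.normpath(folder))
    return p == f or p.startswith(f + "\\")


def verify_fix(fix_list, followup_log, deleted_paths):
    """Compare flagged entries with a later log and classify each one."""
    flagged = parse_entries(fix_list)
    after = parse_entries(followup_log)
    report = {"removed": [], "persisting": [], "persisting_in_deleted_path": []}
    for key, line in flagged.items():
        if key not in after:
            report["removed"].append(line)
            continue
        report["persisting"].append(line)
        run = RUN_RE.match(line.split(" - ", 1)[1])
        if run and any(is_under(command_path(run.group(1)), d) for d in deleted_paths):
            report["persisting_in_deleted_path"].append(line)
    return report


if __name__ == "__main__":
    for status, lines in verify_fix(FIX_LIST, FOLLOWUP_LOG, DELETED_PATHS).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

An entry that persists after Fix Checked either was never fixed or was written back by something still running, so it is the first thing to raise in the next reply.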

#6
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi denB,

If you haven't acted on this yet, could you please do this for me:

Please download Suspicious File Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following line:

C:\Program Files\My Love

and paste it in the box in SFP, then click "Continue".
Please email the created .cab file to miekiemoesATmalware-research.co.uk (AT=@) (I know that SFP says to mail to a spybot.info address, but ignore that) and please state whether that folder is visible in normal mode (please check if it is), including a link to this thread in the body of the email.
  • 0

#7
denB

denB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have completed everything on your task list. I tried to log on last night but couldn't get through, so I emailed myself here at work the log files that you requested. I did something wrong and only received the HijackThis file.
So, here it is.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:38 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Free Downloads Accelerator\0.999\fdaagent.exe
C:\trojanfix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\0.999\fdabar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I will download this additional program when I get home today. I can post a new hijackthis and ewido scan log also. The activescan online scan found nothing.
When I tried to uninstall the freeprod toolbar it wouldn't let me. I'm not sure what to do with that....
Again, thanks for your help.
  • 0

#8
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Panda not finding anything is good news :tazz:

There's one remaining entry, let's fix it..

Open HijackThis and click Scan. Put a check next to this:

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w

Also if you didn't put any restrictions on Control Panel via Spybot or another application, put a check next to this also. If you did, leave it alone:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all other windows except HijackThis and click Fix Checked.

Next,
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry you wish to delete: Freeprod Toolbar
  • Click on Delete this entry
  • Click "Yes"
See if it's gone from the control panel. After that delete the folder C:\Program Files\Freeprod Toolbar

Reboot and post a new HijackThis log along with the Ewido log you didn't post. How is the computer running, any problems?
  • 0

#9
denB

denB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hey ArmoDeluxe!
How's it going? It is going real good here. I performed all the tasks. Here are the logs. Since we began this process I have let the kids on the computer to do school stuff only and guess what? When they go online with IE or Mozilla Firefox there are about 20 different spyware bots that get onto my computer. Is it because I have the options for both not set right? Or will this stop happening now that it looks like all the virus and junk are off my computer now?

NOW I AM TICKED! Right after I sent this I decided to run Adaware SE and lo and behold while it was running my AVG antivirus tells me that the original TROJAN collected is detected and also some backdoor trojan!!!!! What is going on? So I came back and edited this post. Is Adaware working properly?
HHHHHHHEEEEEEELLLLLLLLLPPPPPPPPPP!!!!!!!!!!!! ( LOL ) :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:40 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Free Downloads Accelerator\0.999\fdaagent.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\trojanfix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\0.999\fdabar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\0.999\fdaie.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:58:15 AM, 10/13/2005
+ Report-Checksum: CC93E06

+ Scan result:

No infected objects found.


::Report End

Edited by denB, 13 October 2005 - 06:37 AM.

  • 0
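The check a helper makes between the log taken before the fix in post #8 and the follow-up log in post #9 can be scripted. This is an added example, not part of the original thread; the function names and the `[example]` entry are assumptions, and the sample logs are short excerpts built from lines in the thread.

```python
import re

# HijackThis entry lines look like "<code> - <details>", the code being a letter
# (R, F, N or O) plus a number. Headers and the process list are skipped.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")

def norm(line):
    """Collapse whitespace and fold case (Windows paths are case-insensitive)."""
    return " ".join(line.split()).casefold()

def parse_entries(log_text):
    """Map normalized entry -> original line for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[norm(line)] = line
    return entries

def compare_logs(before_text, after_text, fix_targets):
    """Report the fate of each fixed entry and list entries new in the later log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    targets = {}
    for target in fix_targets:
        key = norm(target)
        if key in after:
            targets[target] = "still present"
        elif key in before:
            targets[target] = "removed"
        else:
            targets[target] = "not in earlier log"
    added = sorted(line for key, line in after.items() if key not in before)
    return {"targets": targets, "added": added}

# The two entries post #8 asks to check in HijackThis.
TARGETS = [
    r'O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w',
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present",
]

# Constructed excerpts: a few lines copied from the thread, not the full logs.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# The last line is a constructed entry, added to show how a new item surfaces.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - HKLM\..\Run: [example] C:\example\example.exe
"""

if __name__ == "__main__":
    report = compare_logs(BEFORE, AFTER, TARGETS)
    for entry, status in report["targets"].items():
        print(f"{status:>18}: {entry}")
    for line in report["added"]:
        print(f"{'new':>18}: {line}")
```

An entry reported as new is only a prompt to look at it: legitimate installs between the two scans show up the same way.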

#10
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi denB,

"When they go online with IE or Mozilla Firefox there are about 20 different spyware bots that get onto my computer. Is it because I have the options for both not set right? Or will this stop happening now that it looks like all the virus and junk are off my computer now?"


I guess when you say bots you mean cookies? Cookies will be installed on your computer every time you visit pages on the internet. Some of them are good cookies and some are spyware. Not all, but most spyware cookies are third party cookies, mostly placed by the advertisers on a page you visit. You can do this:

In Firefox go to Tools > Options > Privacy > Cookies

Click the small triangle next to cookies to expand that tab and put a check next to "for the originating website only". This will prevent third party cookies from being installed on your computer.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check to "Always allow session cookies" OK your way out.

A program that you will find below in my prevention speech, Spywareblaster, also prevents the installation of most known spyware cookies and it supports Firefox too. :tazz:

"NOW I AM TICKED! Right after I sent this I decided to run Adaware SE and lo and behold while it was running my AVG antivirus tells me that the original TROJAN collected is detected and also some backdoor trojan!!!!! What is going on? So I came back and edited this post. Is Adaware working properly?"


When Adaware makes a scan it is configured to scan within archives. While it was scanning most probably the backups folder of Ewido or Trojanhunter those archives were opened and I guess AVG made the detections from there. To make sure, delete everything from Ewido and Trojanhunter backups and then make a new Adaware scan. See if any more detection will be made. To double check, you can also make a new Panda scan and see if it finds anything.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.

Winpatrol

Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#11
denB

denB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ArmoDeluxe,
When I was scanning it was finding spyware not cookies. But I did change my settings as you suggested. I deleted the backup files and rescanned, everything looked good. The virus is GONE!!!! :tazz: . The only thing now is whenever my daughter goes online I keep finding spyware. She has a MYSPACE account. It has to be coming from there. Even with all the protection now in place I still get infected. They do get removed when I scan. I guess I just have to scan once or twice a week.
Anyway, thanks for all your help, you guys are good. Hey I was reading thru some of your articles, just how does one become one of the geekstogo fixeruppers?
  • 0

#12
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi denB,

Looks like Myspace is a real magnet for spyware. If you enter myspace,spyware as a search into Google you'll find a ton of entries. See this as one of them, which mentions New York State took the parent company of Myspace to court for secretly installing spyware on users' computers:

http://blog.myspace....blogID=37094680

It looks like the site is very popular, especially among teens, and recently Rupert Murdoch bought it. If she insists on going there, have her stick to Firefox only. Then again, she should scan anything she downloads before clicking on it. Tell her to scan with both antivirus and Ewido.

You're very welcome to join us if you like..just follow the instructions in this thread, it's free to join and it's a fact that we are understaffed..so anyone willing to join is welcome..

http://www.geekstogo...?showtopic=4817

Hope to see you soon in Geek University :tazz:
  • 0





