Problem started with pop-up ads in early Sep 2005, particularly when in IE. Winfixer 2005 was almost always one of the pop-up ads! Based on Kim Komando info, I downloaded and replaced my HOSTS file. It stopped almost all pop-ups, but then I would get 50-60 notices within 10 seconds, all saying it could not access websites (is this a result of the HOSTS file change?).
On 14 Oct I got a Symantec AntiVirus Notification of Trojan.Vundo from the Realtime Protection Scan. I tried to delete the notification, but it continued to provide more notifications about every 2 seconds. I shut down my PC and disabled the connection to the internet while researching (a problem, since my phone system is VOIP and also shuts down when I disable the internet connection). After researching your site using a friend's PC, I spent 10 hours last night doing all the downloads, scans and tests per your website for suspected malware.
Results:
1. No problem connecting to internet other than getting very slow (did NOT run WinsockXPFix);
2. Ran Clean manager;
3. downloaded new version of Ad-aware SE (uninstalled old version) - no problems identified;
4. downloaded and ran CWShredder - no problems identified;
5. checked Rogue/Suspect lists - no problems identified;
6. downloaded and ran Ewido Security Suite - found and cleaned 10 items: 6 Spyware.Mini-bug, 1 Spyware.MySearch, 1 Spyware.Cookie.com and 2 Heuristic.Win32.AVKiller (will add log at end);
7. ran Trend Housecall - took over 150 minutes to run - found 1 medium-risk vulnerability in ASP.NET (said fix in MS05-004 but could not open link);
8. downloaded and ran TrojanHunter - took over 60 minutes - no problems identified;
9. have all Windows Update EXCEPT Windows XP SP2 (wanted to change browser before downloading but.....);
10. did reboot and test and still get the Symantec AV Notification for Trojan.Vundo. Since it was after 3:00 am, shut down for the night (had received over 7000 Trojan.Vundo notifications from Symantec by then!);
11. downloaded and ran Hijack This - will add log at end.
System info:
1. Run Windows XP Home Edition;
2. Use IE as browser;
3. Use MS Office 2000;
4. Use Norton Anti-Virus Corporate edition with daily scan and auto live updates;
5. Use Spybot Search and Destroy weekly;
6. Use Ad-aware weekly;
7. Have high-speed DSL through cable TV company and VOIP (Packet 8 or 8x8 Inc.) also through cable TV using cable modem;
8. Have Freedom Zone Alarm firewall that came with PC but not confident it is working right ?
9. Have Belkin Etherfast Cable/DSL router (NOT wireless);
10. Have HP Pavilion 754n system bought in Sep 2003.
Other problem information:
1. Have used AWS Weatherbug since new until about 30 days ago when I upgraded it, and it will no longer provide the local radar and satellite images (in the folder it says the MiniBugTransporterXClass file is damaged?). Would like to continue using it if we can get it to work, but some threads on Google say this file is ad-ware and should not be loaded. Your comments and help please?
2. Occasionally get a message when trying to shut down the PC for the night that sgtray.exe is not responding to the shut down process. Eventually it will close if I leave it running. What is the problem here?
3. GeeksToGo website login: have registered on your website and tried to login probably 5 times over the last 2 days, and it keeps saying wrong password every time! I finally used the Lost Password option to reset it and access your website. Next time I try to login I get wrong password again. I am positive I am using the correct password. What is my problem here?
4. I know I need to download the Windows XP SP2 as soon as this is all fixed. After analyzing all my info, logs and reports, providing any additional guidance, comments, recommendations to do PRIOR to downloading SP2 would be greatly appreciated.....
SCAN REPORTS/LOGS (Ewido Security Suite, Hijack This) follow:
EWIDO SECURITY SUITE
---------------------------------------------------------
ewido security suite - Connection report
---------------------------------------------------------
+ Created on: 11:03:09 PM, 10/16/2005
+ Report-Checksum: 2356619F
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2342 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:2342 127.0.0.1:51202 CLOSE_WAIT
TCP 127.0.0.1:51201 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51202 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51203 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51204 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51206 0.0.0.0:0 LISTENING
TCP 192.168.1.101:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1029
UDP 0.0.0.0:1052
UDP 0.0.0.0:1053
UDP 0.0.0.0:1055
UDP 0.0.0.0:1068
UDP 127.0.0.1:123
UDP 127.0.0.1:1033
UDP 127.0.0.1:1045
UDP 127.0.0.1:1064
UDP 127.0.0.1:1900
UDP 192.168.1.101:123
UDP 192.168.1.101:137
UDP 192.168.1.101:138
UDP 192.168.1.101:1900
---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------
+ Created on: 11:03:42 PM, 10/16/2005
+ Report-Checksum: 2A041F65
0: System Process
4: System Process
144: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
308: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
652: C:\HP\KBD\KBD.EXE
748: C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
828: \SystemRoot\System32\smss.exe
844: C:\windows\system\hpsysdrv.exe
864: C:\WINDOWS\System32\hkcmd.exe
876: \??\C:\WINDOWS\system32\csrss.exe
900: \??\C:\WINDOWS\system32\winlogon.exe
920: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
944: C:\WINDOWS\system32\services.exe
956: C:\WINDOWS\system32\lsass.exe
1100: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
1128: C:\WINDOWS\system32\svchost.exe
1312: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
1356: C:\WINDOWS\System32\svchost.exe
1568: C:\Program Files\Internet Explorer\IEXPLORE.EXE
1612: C:\WINDOWS\System32\svchost.exe
1648: C:\WINDOWS\System32\svchost.exe
1820: C:\WINDOWS\system32\LEXBCES.EXE
1848: C:\WINDOWS\system32\spoolsv.exe
1856: C:\WINDOWS\system32\LEXPPS.EXE
2004: C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
2016: C:\Program Files\Common Files\Command Software\dvpapi.exe
2092: C:\WINDOWS\ALCXMNTR.EXE
2132: C:\WINDOWS\System32\shpc32.exe
2156: C:\Program Files\Ewido Scty Suites\security suite\securitysuite.exe
2188: C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\PORTCTRL.EXE
2236: C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
2436: C:\Program Files\Ewido Scty Suites\security suite\ewidoguard.exe
2572: C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
2616: C:\WINDOWS\System32\wuauclt.exe
2908: C:\Program Files\Ewido Scty Suites\security suite\ewidoctrl.exe
3128: C:\WINDOWS\System32\svchost.exe
3704: C:\WINDOWS\explorer.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:01:32 PM, 10/16/2005
+ Report-Checksum: 5B3BE917
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\.Owner -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-1825742884-1222602259-1949773262-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\464ff1fc477d74c6820da4f114404e4c75de8f78/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\464ff1fc477d74c6820da4f114404e4c75de8f78/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
::Report End
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------
+ Created on: 11:02:50 PM, 10/16/2005
+ Report-Checksum: 41405CF
Reg\HKLM\Run GW Port Controller C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\PORTCTRL.EXE
Reg\HKLM\Run nwiz nwiz.exe /installquiet /keeploaded
Reg\HKLM\Run Zero Knowledge Freedom C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
Reg\HKLM\Run SHPC32 shpc32.exe
Reg\HKLM\Run xkstartup RunDll32 InstZ82.dll,SetUsbPrinterPort
Reg\HKCU\Run NVIEW rundll32.exe nview.dll,nViewLoadHook
Reg\HKCU\Run Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
Reg\HKCU\Run Freedom C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
Reg\HKLM\Run BlockTracker c:\hp\bin\BlockTracker.exe
Reg\HKLM\Run HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
Reg\HKLM\Run Share-to-Web Namespace Daemon c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Reg\HKLM\Run CamMonitor c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Reg\HKLM\Run KBD C:\HP\KBD\KBD.EXE
Reg\HKLM\Run StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Reg\HKLM\Run AutoTBar C:\hp\bin\autotbar.exe
Reg\HKLM\Run Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
Reg\HKCU\Run SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Reg\HKLM\Run PS2 C:\WINDOWS\system32\ps2.exe
Reg\HKLM\Run LexStart lexstart.exe
Reg\HKLM\Run vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Reg\HKLM\Run REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Reg\HKLM\Run AlcxMonitor ALCXMNTR.EXE
Reg\HKLM\Run hpsysdrv c:\windows\system\hpsysdrv.exe
Reg\HKLM\Run IgfxTray C:\WINDOWS\System32\igfxtray.exe
Shell\CommonStartup hp center UI.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
Shell\CommonStartup hp center.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Shell\CommonStartup Quicken Scheduled Updates.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
Shell\CommonStartup SmarThru Engine.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmarThru Engine.lnk
Shell\UserStartup WxBugManUpgrade605.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WxBugManUpgrade605.exe
Shell\CommonStartup Adobe Reader Speed Launch.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
HIJACK THIS SCAN
Logfile of HijackThis v1.99.1
Scan saved at 9:22:14 PM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Ewido Scty Suites\security suite\ewidoctrl.exe
C:\Program Files\Ewido Scty Suites\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\shpc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\PORTCTRL.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ads.weather.com
O1 - Hosts: tracker.com
O1 - Hosts: r.Exploit]
O1 - Hosts: tracker.com
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: tracker.com
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: tracker.com
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: tracker.com
O1 - Hosts: stx12.sextracker.com
O1 - Hosts: .0.0.1 stx15.sextracker.com
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: boss.com #[IE-SpyAd]
O1 - Hosts: www.engine-find.info
O1 - Hosts: tracker.com
O1 - Hosts: stx12.sextracker.com
O1 - Hosts: .0.0.1 stx15.sextracker.com
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: .0.0.1 searchforit.com #[eTrust.AdShooter.SearchForIt]
O1 - Hosts: boss.com #[IE-SpyAd]
O1 - Hosts: www.engine-find.info
O1 - Hosts: tracker.com
O1 - Hosts: stx12.sextracker.com
O1 - Hosts: .0.0.1 stx15.sextracker.com
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: c3.thecounter.com
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: .0.0.1 searchforit.com #[eTrust.AdShooter.SearchForIt]
O1 - Hosts: boss.com #[IE-SpyAd]
O1 - Hosts: www.engine-find.info
O1 - Hosts: tracker.com
O1 - Hosts: stx12.sextracker.com
O1 - Hosts: .0.0.1 stx15.sextracker.com
O1 - Hosts: iendfinder.com
O1 - Hosts: pyAd]
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: c3.thecounter.com
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: .0.0.1 searchforit.com #[eTrust.AdShooter.SearchForIt]
O1 - Hosts: boss.com #[IE-SpyAd]
O1 - Hosts: www.engine-find.info
O1 - Hosts: tracker.com
O1 - Hosts: 0.1 clit10.sextracker.com
O1 - Hosts: xtracker.com
O1 - Hosts: stx12.sextracker.com
O1 - Hosts: .0.0.1 stx15.sextracker.com
O1 - Hosts: iendfinder.com
O1 - Hosts: pyAd]
O1 - Hosts: t][Adware.Istbar]
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 adrevservice.com
O1 - Hosts: 127.0.
O1 - Hosts: .1 stats.adrevservice.com #[Linkzilla Control]
O1 - Hosts: c3.thecounter.com
O1 - Hosts: gecash.com
O1 - Hosts: iondrugs.com
O1 - Hosts: r.Exploit]
O1 - Hosts: .0.0.1 searchforit.com #[eTrust.AdShooter.SearchForIt]
O1 - Hosts: 1 dl.surfenhance.com #[IE-SpyAd]
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\ddccb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [xkstartup] RunDll32 InstZ82.dll,SetUsbPrinterPort
O4 - HKLM\..\Run: [GW Port Controller] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\PORTCTRL.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WxBugManUpgrade605.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmarThru Engine.lnk = C:\Program Files\Lexmark\SmarThru\QS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.hotmail.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O20 - Winlogon Notify: ddccb - C:\WINDOWS\System32\ddccb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Scty Suites\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido Scty Suites\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
I am new to this type of forum use (as well as first trojan infection)... do I need to continuously check this forum to watch for a reply, or is a notice/message sent to my email? If I selected anonymous use of the forum, will this prevent you from providing feedback? What is the approx time to expect a response (minutes, hours, days, weeks?)
Thanks in advance... ruegemeraa
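Added example, not part of the original post or of the Geeks to Go forum's own tooling: a small Python parser for the O2 (Browser Helper Object) and O20 (Winlogon Notify) lines of a HijackThis log. It flags any DLL that is registered in both places, which is the pattern visible in the log above with ddccb.dll (an unnamed BHO in System32 that is also a Winlogon Notify handler). The sample lines are constructed from entries in the post; the function names and the triage wording are my own.

```python
import ntpath
import re

# Constructed sample: O2/O20 lines in the shape of a HijackThis v1.99.1 log,
# mirroring the entries in the post above (Freedom, Spybot, ddccb, igfxcui, NavLogon).
SAMPLE_LOG = r"""
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\System32\ddccb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: ddccb - C:\WINDOWS\System32\ddccb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <path>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O20 lines: "O20 - Winlogon Notify: <subkey> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def _entry(name, path):
    """Normalise one log entry; basename is lower-cased for case-insensitive matching."""
    return {"name": name, "path": path, "basename": ntpath.basename(path).lower()}


def parse_hjt(text):
    """Return {'O2': [...], 'O20': [...]} parsed from HijackThis log text.

    Lines from other sections (O1, O4, O23, ...) are ignored by this helper.
    """
    entries = {"O2": [], "O20": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            entries["O2"].append(_entry(m.group("name"), m.group("path")))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries["O20"].append(_entry(m.group("name"), m.group("path")))
    return entries


def find_bho_winlogon_overlap(entries):
    """DLL basenames that are loaded both as a BHO (in IE) and at logon (Winlogon Notify).

    A legitimate vendor DLL is rarely registered in both places, so the overlap is
    a cheap triage signal worth a second look; it is a heuristic, not proof of infection.
    """
    bho = {e["basename"] for e in entries["O2"]}
    notify = {e["basename"] for e in entries["O20"]}
    return sorted(bho & notify)


def triage(text):
    """Human-readable findings for the overlap check, one string per flagged DLL."""
    entries = parse_hjt(text)
    findings = []
    for dll in find_bho_winlogon_overlap(entries):
        bho_names = [e["name"] for e in entries["O2"] if e["basename"] == dll]
        notify_names = [e["name"] for e in entries["O20"] if e["basename"] == dll]
        findings.append(
            f"{dll}: registered as BHO {bho_names} and as Winlogon Notify {notify_names}"
        )
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG) or ["no BHO/Winlogon Notify overlap found"]:
        print(line)
```

To use it on a real log, read the saved HijackThis text file and pass its contents to `triage()`; anything it flags should be checked against the file's vendor signature and publisher before deciding on removal, since the overlap alone is only a prompt to investigate.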