Help with removing unwanted items [RESOLVED]


  • This topic is locked

#1
Cora

    New Member

  • Member
  • 6 posts
Good evening. I found this site after reading about HijackThis. I went through every step as suggested. It removed a lot of my problems, but I still have things that pop up when I reboot. Especially an ad that asks me if I want to scan my PC for viruses. It isn't one of my programs, it is an ad. Please help me. I am posting the log file from HijackThis and Ewido also, as you suggested. Thank you so much.

Cora

Logfile of HijackThis v1.99.1
Scan saved at 12:24:28 AM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cora\Desktop\Cora's\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [j4BVG6vA] C:\documents and settings\cora\local settings\temp\j4BVG6vA.exe
O4 - HKLM\..\Run: [w6ylY9E] C:\windows\system32\w6ylY9E.exe
O4 - HKLM\..\Run: [56566c08c6df] C:\WINDOWS\system32\archlib0.exe
O4 - HKLM\..\Run: [flHhUyVJ.exe] C:\windows\system32\flHhUyVJ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\gikul42p\FreeRAM XP Pro 1.30.exe" -win
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /A "C:\WINDOWS\system32\E_S632.tmp"
O4 - Startup: AdSubtract.lnk = ?
O4 - Startup: CursorSkins.lnk = C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure...ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...74/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130642663687
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6} - http://www.splashspo...ssviewer2/2.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O20 - AppInit_DLLs: C:\Program Files\Stardock\Object Desktop\WindowBlinds\skincast\
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:49:35 PM, 10/29/2005
+ Report-Checksum: 28FAD89A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StarInstall.ocx\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StarInstall.ocx\\{E0B795B4-FD95-4ABD-A375-27962EFCE8CF} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0199DF25-9820-4BD5-9FEE-5A765AB4371E} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{120E090D-9136-4B78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D60FF48-95BE-4956-B4C6-6BB168A70310} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC378B83-9577-44D0-B4F8-0DD965E176FC} -> Spyware.Esyndicate : Cleaned with backup
HKU\S-1-5-21-3133978997-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F14AABDD-0232-4E5A-9B52-4178AC0A62B5} -> Spyware.AdSubtract : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Cora\Application Data\Mozilla\Profiles\Default User1\3tiog86s.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Cora\Cookies\cora@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cora\Cookies\cora@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@a.tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wfkiohdpggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wfkyqmdzwko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wflieldzaho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjkocod5ghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjkyaiczwdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjnyaiazwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjnysldjmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjnyuiazacq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@e-2dj6wjnyukd5eco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@rbsinteractive.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Cookies\cora@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Temporary Internet Files\Content.IE5\0ZX3IYJ5\WinFixer2005ScannerInstall[1].cab/UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temp\Temporary Internet Files\Content.IE5\SXMR0H2F\SmileyCentralFWBInitialSetup1.0.0.15[1].exe -> Spyware.FunWeb : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\4NFVYSH1\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\4NFVYSH1\pokapoka79[1].exe -> Trojan.EliteBar : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\6FQ7ELUJ\toolbar[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\KBMNW9WD\mc-110-12-0000080[1].exe -> Spyware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Cora\Local Settings\Temporary Internet Files\Content.IE5\XU8I584X\meeedi[1].exe -> Spyware.WinAD : Cleaned with backup
C:\ggaag.exe -> Backdoor.IRCBot.es : Cleaned with backup
C:\mc-110-12-0000080.exe -> Spyware.Maxifiles : Cleaned with backup
C:\meedia.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP199\A0022796.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP262\A0028704.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP270\A0029086.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\etb\pokapoka79.exe -> Trojan.EliteBar : Cleaned with backup
C:\WINDOWS\serveraaa.exe -> Backdoor.IRCBot.es : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2202031216.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2202031216.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\cm1.dll -> Spyware.ClientMan : Cleaned with backup
C:\WINDOWS\SYSTEM32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\express.exe -> Backdoor.Aimbot.at : Cleaned with backup
C:\WINDOWS\SYSTEM32\mc-110-12-0000080.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\SYSTEM32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\sstep.dll -> TrojanDropper.Small.so : Cleaned with backup
  • 0


#2
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Cora, welcome to GeeksToGo

Right now I am going through your log, and will be back with a fix soon. Thanks for your patience. :tazz:

Regards,

Armodeluxe
  • 0

#3
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Options, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Open HijackThis and click Scan. Put a check next to these:

O4 - HKLM\..\Run: [j4BVG6vA] C:\documents and settings\cora\local settings\temp\j4BVG6vA.exe
O4 - HKLM\..\Run: [w6ylY9E] C:\windows\system32\w6ylY9E.exe
O4 - HKLM\..\Run: [56566c08c6df] C:\WINDOWS\system32\archlib0.exe
O4 - HKLM\..\Run: [flHhUyVJ.exe] C:\windows\system32\flHhUyVJ.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure...ge/w4sgeen9.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


The following are optional:

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
I strongly suggest that you get rid of AdwareAlert, as it appears on the rogue/suspect antispyware list. See this page for the relevant entry:
http://www.spywarewa...nti-spyware.htm

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
If you didn't put a restriction on the Control Panel via an application like Spybot, check this one as well.

Close all other windows except HijackThis and click Fix Checked.

Then, navigate to and delete these files:

C:\windows\system32\w6ylY9E.exe
C:\WINDOWS\system32\archlib0.exe
C:\windows\system32\flHhUyVJ.exe

If you decided to get rid of AdwareAlert, uninstall it from Control Panel Add/Remove Programs and then delete this folder:

C:\Program Files\AdwareAlert

Next, go to Start>Run and type: cleanmgr

Run the DiskCleanup utility that comes up after putting a check next to these:

Temporary Files
Temporary Internet Files
Recycle Bin


After that, reboot.

Go here to make an online scan:

http://www.pandasoft.../activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Then, please post a new HijackThis log along with the Panda results.
  • 0
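
An added example, not part of the original post: one way to confirm from a follow-up HijackThis log that the entries checked above are really gone. O4 entries are compared by hive and value name and also by target file, and O16 entries by CLSID, because the URLs in pasted logs are truncated. The function names and the `CONSTRUCTED_RELAPSE` sample are assumptions made for this example.

```python
import re

# Entries the helper asked to check in HijackThis, copied from the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [j4BVG6vA] C:\documents and settings\cora\local settings\temp\j4BVG6vA.exe
O4 - HKLM\..\Run: [w6ylY9E] C:\windows\system32\w6ylY9E.exe
O4 - HKLM\..\Run: [56566c08c6df] C:\WINDOWS\system32\archlib0.exe
O4 - HKLM\..\Run: [flHhUyVJ.exe] C:\windows\system32\flHhUyVJ.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure...ge/w4sgeen9.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
"""

# A few lines from the follow-up log posted later in this thread.
FOLLOWUP_FROM_THREAD = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed follow-up (not from the thread): two fixed items are present again.
CONSTRUCTED_RELAPSE = FOLLOWUP_FROM_THREAD + r"""
O4 - HKLM\..\Run: [W6YLY9E] C:\WINDOWS\System32\w6ylY9E.exe
O4 - HKCU\..\Run: [example] "C:\WINDOWS\System32\archlib0.exe" -q
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.*)$", re.I)
# O16 - DPF: {<CLSID>} ...
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})")


def entry_key(line):
    """Case-insensitive identity of an O4 registry or O16 line, or None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        hive, key, name, _cmd = m.groups()
        return ("O4", hive.upper(), key.lower(), name.lower())
    m = O16_RE.match(line)
    if m:
        return ("O16", m.group(1).upper())
    return None


def exe_path(cmd):
    """Lower-cased executable path taken from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def still_present(fix_list, followup_log):
    """Return (reason, line) for each follow-up line that matches a fixed entry."""
    fixed_keys, fixed_exes = set(), set()
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is None:
            continue
        fixed_keys.add(key)
        m = O4_RE.match(line.strip())
        if m:
            fixed_exes.add(exe_path(m.group(4)))

    hits = []
    for line in followup_log.splitlines():
        line = line.strip()
        key = entry_key(line)
        if key is None:
            continue  # section not covered here (R0, O8, O9, O23, ...)
        m = O4_RE.match(line)
        if key in fixed_keys:
            hits.append(("same entry", line))
        elif m and exe_path(m.group(4)) in fixed_exes:
            hits.append(("same file, new value name", line))
    return hits


if __name__ == "__main__":
    for label, log in (("thread follow-up", FOLLOWUP_FROM_THREAD),
                       ("constructed relapse", CONSTRUCTED_RELAPSE)):
        hits = still_present(FIX_LIST, log)
        print(f"{label}: {len(hits)} fixed item(s) still present")
        for reason, line in hits:
            print(f"  [{reason}] {line}")
```

An empty result only says the autorun and DPF entries are gone; the files themselves still have to be checked on disk or with a scanner.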

#4
Cora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello, I can't thank you enough for the help. I did what you said and here is the new hijack this logfile along with the Panda one:

Logfile of HijackThis v1.99.1
Scan saved at 4:54:13 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Documents and Settings\Cora\Desktop\Cora's\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\gikul42p\FreeRAM XP Pro 1.30.exe" -win
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /A "C:\WINDOWS\system32\E_S632.tmp"
O4 - Startup: AdSubtract.lnk = ?
O4 - Startup: CursorSkins.lnk = C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130642663687
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6} - http://www.splashspo...ssviewer2/2.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O20 - AppInit_DLLs: C:\Program Files\Stardock\Object Desktop\WindowBlinds\skincast\
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Incident Status Location

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\262908_1076_3256_256_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\393462_3184_1484_3444_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\393480_3784_1852_632_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\524536_2692_3304_2604_79.41.tst
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\backups\backup-20050312-182941-847.dll.tcf
Adware:Adware/TVMedia No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\tvmupdater.exe
Adware:Adware/BrilliantDigital No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A44B62A0-BC2C-4BD1-84D5-08C8A5\129F82E1-410A-4D15-8B37-5046AD
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP269\A0029011.dll.tcf
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029575.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029578.exe
Adware:Adware/VirtualBouncer No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029581.exe
Adware:Adware/Exact.BargainBuddy No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029582.dll
Virus:Trj/Downloader.CHU Disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029583.dll
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029585.exe
Adware:Adware/MSView No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029586.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029587.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029588.dll
Adware:Adware/SideStep No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029589.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029593.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029605.exe
Adware:Adware/RCSync No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029609.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029611.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP273\A0029829.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP273\A0029901.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe.tcf
Adware:Adware/EliteBar No disinfected C:\WINDOWS\etb\nt_hide79.dll
Adware:Adware/Exact.BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM32\ClrSchP0121.dll
Adware:Adware/Exact.SearchBar No disinfected C:\WINDOWS\SYSTEM32\exactsetup.dlltmp
Adware:Adware/Specofer No disinfected C:\WINDOWS\SYSTEM32\httppost.exe
Virus:Trj/Multidropper.ADZ Disinfected C:\WINDOWS\SYSTEM32\lw.dll
Virus:Trj/Multidropper.AEO Disinfected C:\WINDOWS\SYSTEM32\mcea110.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase2.dll
Spyware:Spyware/New.net No disinfected C:\WINDOWS\SYSTEM32\newnet.dll
Adware:Adware/Exact.BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\OMsetup.exe
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\pr1ze5.dll.tcf
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\prizesurfer_setup.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\SHAgent1007.dll.tcf
Adware:Adware/SideStep No disinfected C:\WINDOWS\SYSTEM32\SideStep.exe
Adware:Adware/Specofer No disinfected C:\WINDOWS\SYSTEM32\weatherb.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Xcite.exe
  • 0
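
An added example, not part of the original post: a parser for the Incident / Status / Location rows above that separates files in their live locations from copies inside System Restore points and the Microsoft AntiSpyware quarantine folder, and lists the live files still marked "No disinfected". The function names and the three location classes are assumptions of this example, not Panda's own categories.

```python
import re
from collections import Counter

# Rows in the format of the report above (paths copied from it). In two rows
# the space between threat name and status is dropped, which the parser must
# tolerate because pasted reports often lose column spacing.
SAMPLE_REPORT = r"""
Incident Status Location

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Cora\Local Settings\Temp\262908_1076_3256_256_79.41.tst
Adware:Adware/BrilliantDigitalNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A44B62A0-BC2C-4BD1-84D5-08C8A5\129F82E1-410A-4D15-8B37-5046AD
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029575.exe
Virus:Trj/Downloader.CHU Disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP271\A0029583.dll
Virus:Trj/Multidropper.ADZ Disinfected C:\WINDOWS\SYSTEM32\lw.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase.dll
Adware:Adware/Exact.BargainBuddyNo disinfected C:\WINDOWS\SYSTEM32\OMsetup.exe
"""

# <kind>:<threat name> <status> <drive>:\<path>
# The name is matched lazily and the gap before the status is optional, so
# "BargainBuddyNo disinfected" still splits into name and status.
ROW = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+?)\s*"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def parse_report(text):
    """Return one dict per report row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def location_class(path):
    """Classify a path by where the detected file sits on disk."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point copy"
    if "\\quarantine\\" in p:
        return "scanner quarantine"
    return "live file"


def summary(text):
    """Count rows per (location class, status)."""
    return Counter((location_class(r["path"]), r["status"])
                   for r in parse_report(text))


def pending_live(text):
    """Paths of live files the scanner reported but did not disinfect."""
    return [r["path"] for r in parse_report(text)
            if r["status"] == "No disinfected"
            and location_class(r["path"]) == "live file"]


if __name__ == "__main__":
    for (where, status), count in sorted(summary(SAMPLE_REPORT).items()):
        print(f"{count:2d}  {where:20s} {status}")
    print("Live files still to be dealt with:")
    for path in pending_live(SAMPLE_REPORT):
        print("  " + path)
```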

#6
Cora

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry for posting twice, but "page couldn't be found" kept coming up.
  • 0

#7
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe
  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Next,

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM32\ClrSchP0121.dll
C:\WINDOWS\SYSTEM32\exactsetup.*
C:\WINDOWS\SYSTEM32\httppost.exe
C:\WINDOWS\SYSTEM32\ncase.dll
C:\WINDOWS\SYSTEM32\ncase2.dll
C:\WINDOWS\SYSTEM32\newnet.dll
C:\WINDOWS\SYSTEM32\OMsetup.exe
C:\WINDOWS\SYSTEM32\pr1ze5.dll.tcf
C:\WINDOWS\SYSTEM32\prizesurfer_setup.exe
C:\WINDOWS\SYSTEM32\SHAgent1007.dll.tcf
C:\WINDOWS\SYSTEM32\SideStep.exe
C:\WINDOWS\SYSTEM32\weatherb.dll
C:\WINDOWS\SYSTEM32\Xcite.exe
C:\Documents and Settings\Cora\Local Settings\Temp\262908_1076_3256_256_79.41.tst
C:\Documents and Settings\Cora\Local Settings\Temp\393462_3184_1484_3444_79.41.tst
C:\Documents and Settings\Cora\Local Settings\Temp\393480_3784_1852_632_79.41.tst
C:\Documents and Settings\Cora\Local Settings\Temp\524536_2692_3304_2604_79.41.tst
C:\Documents and Settings\Cora\Local Settings\Temp\backups\backup-20050312-182941-847.dll.tcf
C:\Documents and Settings\Cora\Local Settings\Temp\tvmupdater.exe
C:\WINDOWS\Downloaded Program Files\imloader.exe.tcf


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do You Want to Reboot Now prompt.

Reboot to normal mode and please post a new HijackThis log. How is the computer running now, any problems?
  • 0
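A cross-check of the Killbox list in post #7 against the scan rows posted earlier, as an added example that is not part of the original thread: it lists detections still marked "No disinfected" that no Killbox entry covers. The sample rows are a subset copied from the thread, and the function names are illustrative.

```python
import fnmatch
import re

# Constructed sample: a subset of the scan rows and Killbox entries posted in this thread.
# One row has the status column fused to the threat name, as in the posted log.
SCAN_LOG = r"""
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP273\A0029901.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe.tcf
Adware:Adware/EliteBar No disinfected C:\WINDOWS\etb\nt_hide79.dll
Adware:Adware/Exact.BargainBuddyNo disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Adware:Adware/Exact.SearchBar No disinfected C:\WINDOWS\SYSTEM32\exactsetup.dlltmp
Virus:Trj/Multidropper.ADZ Disinfected C:\WINDOWS\SYSTEM32\lw.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Xcite.exe
"""
KILLBOX_LIST = r"""
C:\WINDOWS\SYSTEM32\exactsetup.*
C:\WINDOWS\SYSTEM32\Xcite.exe
C:\WINDOWS\Downloaded Program Files\imloader.exe.tcf
"""

# category:threat, optional whitespace, status, then an absolute Windows path.
ROW = re.compile(r"^(\w+):(\S+?)\s*(No disinfected|Disinfected)\s+([A-Za-z]:\\.+)$")

def parse_scan(text):
    """Return (threat, status, path) for each well-formed scan row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(2), m.group(3), m.group(4)))
    return rows

def uncovered(scan_text, killbox_text):
    """Detections left in place by the scanner that no Killbox entry matches."""
    # Windows paths are case-insensitive, so compare lower-cased; '*' is a wildcard.
    patterns = [p.strip().lower() for p in killbox_text.splitlines() if p.strip()]
    left = []
    for threat, status, path in parse_scan(scan_text):
        if status != "No disinfected":
            continue  # the scanner already cleaned this file
        if not any(fnmatch.fnmatchcase(path.lower(), pat) for pat in patterns):
            left.append((threat, path))
    return left

if __name__ == "__main__":
    for threat, path in uncovered(SCAN_LOG, KILLBOX_LIST):
        print(f"not in Killbox list: {threat}  {path}")
```

On the sample, the leftovers are the System Restore copy and the files under C:\WINDOWS\etb, none of which appear in the Killbox list.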

#8
Cora


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you soo much. You have been a tremendous help. The computer seems to be working great. No unwanted popups. I wish I had half your knowledge. Thank you again. Cora
Here is the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:59 PM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cora\Desktop\Cora's\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\gikul42p\FreeRAM XP Pro 1.30.exe" -win
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /A "C:\WINDOWS\system32\E_S632.tmp"
O4 - Startup: AdSubtract.lnk = ?
O4 - Startup: CursorSkins.lnk = C:\Program Files\Forward Design\CursorSkins\CursorSkins.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...74/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130642663687
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A6B13EE4-A974-11D2-8DB7-00C04FB6E8F6} - http://www.splashspo...ssviewer2/2.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O20 - AppInit_DLLs: C:\Program Files\Stardock\Object Desktop\WindowBlinds\skincast\
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0

#9
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Looks good to me :tazz:

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate


Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#10
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





