adyieldmamnager, oinadserve, hbmediapro, z1adserver, etc. Need help i


  • This topic is locked

#1
dougthemusicman


    New Member

  • Member
  • 7 posts
Greetings! Here is my hijack log. Thank you very much in advance for your assistance in this matter. I use Mozilla Firefox; however, some pages like Bank of America require Internet Explorer for online banking, so I have to use it in those instances...


Logfile of HijackThis v1.99.1
Scan saved at 10:24:48 AM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
C:\WINDOWS\system32\Ascentive\abbg32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\Ascentive\csrss.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
C:\WINDOWS\system32\Ascentive\bwuu32.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\WINDOWS\system32\Ascentive\MSOTL.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Douglas\aim.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\W?nSxS\alg.exe
C:\Program Files\ohua\ibtm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Douglas\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C0C5699C-C9DD-BB4C-7399-A1FD1C34A6A9} - (no file)
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\PCSecurityShield\Shieldfirewall\webflt.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.4.0\FETB.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [PhilipsRemote] "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
O4 - HKLM\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Douglas\LOCALS~1\Temp\{53E60B6A-1E22-4622-9E8A-FE1CAC5E6184}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Douglas\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Kmwbxqib] C:\WINDOWS\system32\W?nSxS\alg.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Douglas\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Csia] "C:\Program Files\ohua\ibtm.exe" -vt mtx
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Douglas\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.dwisp.net
O15 - Trusted Zone: http://www.fraudeliminator.com
O15 - Trusted Zone: http://*.kfi640.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110572446546
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FWCOM - PCSecurityShield, Inc. - C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

#2
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Sorry for the delayed response, it has been very busy lately.

If you still require help please post a new Hijack log in this
thread and I will help you. If your problem has been fixed please
respond and let us know.

Thanks

#3
dougthemusicman


    New Member

  • Topic Starter
  • Member
  • 7 posts

Greetings again and thanks so much for the reply. Here is my updated hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:06:10 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
C:\WINDOWS\system32\Ascentive\abbg32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\WINDOWS\system32\Ascentive\csrss.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Douglas\aim.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\Ascentive\MSOTL.exe
C:\WINDOWS\system32\W?nSxS\alg.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
C:\Program Files\ohua\ibtm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\Ascentive\bwuu32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Douglas\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C0C5699C-C9DD-BB4C-7399-A1FD1C34A6A9} - (no file)
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\PCSecurityShield\Shieldfirewall\webflt.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.4.0\FETB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [PhilipsRemote] "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe"
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
O4 - HKLM\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VrProxyc] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
O4 - HKLM\..\Run: [VrProxyd] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Douglas\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Kmwbxqib] C:\WINDOWS\system32\W?nSxS\alg.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Douglas\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Csia] "C:\Program Files\ohua\ibtm.exe" -vt mtx
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Douglas\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.dwisp.net
O15 - Trusted Zone: http://www.fraudeliminator.com
O15 - Trusted Zone: http://*.kfi640.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110572446546
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FWCOM - PCSecurityShield, Inc. - C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe



I'll await your response......

#4
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, let's get going :tazz:

Hijack fixes

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Kmwbxqib] C:\WINDOWS\system32\W?nSxS\alg.exe

O4 - HKCU\..\Run: [Csia] "C:\Program Files\ohua\ibtm.exe" -vt mtx


Now close all windows other than HijackThis, then click Fix Checked.


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Folder deletions

Please delete the folders in red using Windows Explorer (if present):

C:\WINDOWS\system32\W?nSxS  (Note: the question mark can be anything. There shouldn't be a folder with a name close to that. If you find another one with a name close to that, just post back and we can delete the correct one.)

C:\Program Files\ohua


After that, Reboot.


Please run this online virus scan:
Panda Active Scan
You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now!
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab): click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log.

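The two HijackThis entries loophole singles out above share a pattern a defender can check for mechanically: a Windows system binary name (alg.exe) being started from a look-alike folder whose name contains a character HijackThis can only render as "?", and a copy of csrss.exe sitting under system32\Ascentive rather than in system32 itself. The Python below is an added example, not code from this thread or from HijackThis; it parses O4 Run entries and "Running processes" paths from a constructed sample built from this log (plus one constructed line using a real non-ASCII look-alike character) and flags those two signs. It deliberately does not catch the second fixed entry (ibtm.exe under ohua), which the helper identified from knowledge rather than from the shape of the path.

```python
import re
import string
from dataclasses import dataclass, field

# Process names Windows itself starts from %SystemRoot% or %SystemRoot%\system32.
# A file with one of these names in any other directory is the look-alike trick
# seen in this thread (alg.exe under a fake WinSxS, csrss.exe under Ascentive).
SYSTEM_BINARIES = {
    "alg.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}
LEGIT_DIRS = {r"c:\windows", r"c:\windows\system32"}

# O4 Run-key entries look like:  O4 - HKCU\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable in a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
# "?" is reserved in Windows file names; HijackThis prints it for a character
# it cannot render, which is exactly the W?nSxS case above.
PRINTABLE = set(string.printable) - set("?\t\n\r\x0b\x0c")


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(line: str):
    """Return the executable path from an O4 entry or a bare process line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    cmd = m.group("cmd") if m else line
    if not m and not re.match(r"^[A-Za-z]:\\", cmd):
        return None  # headers, R0/O2/O23 lines and so on are not handled here
    e = EXE_RE.match(cmd)
    return e.group("path") if e else None


def suspicious_reasons(path: str):
    """List the reasons a path looks like a masquerading binary (empty if none)."""
    reasons = []
    odd = sorted({c for c in path if c not in PRINTABLE})
    if odd:
        reasons.append(f"unprintable or reserved character(s) in path: {odd!r}")
    directory, _, name = path.lower().rpartition("\\")
    if name in SYSTEM_BINARIES and directory not in LEGIT_DIRS:
        reasons.append(f"system binary name {name} outside %SystemRoot%")
    return reasons


def scan_log(text: str):
    """Run both checks over every path-bearing line of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        reasons = suspicious_reasons(path)
        if reasons:
            findings.append(Finding(line.strip(), path, reasons))
    return findings


# Constructed sample: lines taken from the log in this thread, plus one made-up
# entry whose folder name uses a real non-ASCII look-alike (dotless i).
SAMPLE_LOG = "\n".join([
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\Ascentive\csrss.exe",
    r"C:\WINDOWS\system32\W?nSxS\alg.exe",
    r"C:\Program Files\ohua\ibtm.exe",
    "",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe",
    r"O4 - HKCU\..\Run: [Kmwbxqib] C:\WINDOWS\system32\W?nSxS\alg.exe",
    r'O4 - HKCU\..\Run: [Csia] "C:\Program Files\ohua\ibtm.exe" -vt mtx',
    r"O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Douglas\aim.exe -cnetwait.odl",
    r"O4 - HKCU\..\Run: [Fake] C:\WINDOWS\system32\WınSxS\svchost.exe",  # constructed
])

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it prints four flagged lines: the csrss.exe and alg.exe process entries, the Kmwbxqib Run entry, and the constructed WınSxS entry; the hkcmd.exe, aim.exe and ibtm.exe lines pass.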

#5
dougthemusicman


    New Member

  • Topic Starter
  • Member
  • 7 posts
Sure do appreciate your assistance. OK, here's the Panda Active Scan results.


Incident Status Location

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.revenue.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.apmebf.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.go.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[server.iad.liveperson.net/hc/46842095]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[server.iad.liveperson.net/hc/46842095]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[server.iad.liveperson.net/hc/80570461]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.serving-sys.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.888.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[c.goclick.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.ask.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.target.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.zedo.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.clickbank.net/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[.gostats.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[c3.gostats.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[46842095]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[46842095]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[80570461]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\26kbhld5.Douglas Rayburn\cookies.txt[]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6b0359e6-64f75f80.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6b0359e6-64f75f80.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6b0359e6-64f75f80.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6b0359e6-64f75f80.zip[Beyond.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-21518fd4.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-21518fd4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-21518fd4.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-21518fd4.zip[NewURLClassLoader.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-670a7c0b.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-670a7c0b.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-670a7c0b.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-670a7c0b.zip[NewURLClassLoader.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1148221e-5db2fee6.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1148221e-5db2fee6.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1148221e-5db2fee6.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1148221e-5db2fee6.zip[NewURLClassLoader.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-37075283.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-37075283.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-37075283.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-37075283.zip[NewURLClassLoader.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bb2613b-5a7e3cb4.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bb2613b-5a7e3cb4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bb2613b-5a7e3cb4.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bb2613b-5a7e3cb4.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv416.jar-1be52542-263f7c3d.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv416.jar-1be52542-263f7c3d.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv416.jar-1be52542-263f7c3d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv416.jar-1be52542-263f7c3d.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv428.jar-79a2800c-409eb195.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-1b65e58a-43918872.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-1b65e58a-43918872.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-1b65e58a-43918872.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv441.jar-1b65e58a-43918872.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-238d2a8-590fc36b.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-238d2a8-590fc36b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-3be3d7fa.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-3be3d7fa.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-3be3d7fa.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-3be3d7fa.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-66ae6149-2b1d12f9.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-66ae6149-2b1d12f9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4d426a57.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4d426a57.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4d426a57.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4d426a57.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv687.jar-54a3f6f1-563cfa9d.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv687.jar-54a3f6f1-563cfa9d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv740.jar-3fa040af-6461ffee.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv740.jar-3fa040af-6461ffee.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv740.jar-3fa040af-6461ffee.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv740.jar-3fa040af-6461ffee.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[NudeBox.class]
Virus:Trj/ClassLoader.P Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[VerifierBug.class]
Virus:Trj/Downloader.HFC Disinfected C:\Documents and Settings\Douglas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-73aace24-3720a738.zip[javautil.zip]
Hacktool:HackTool/Cain Not disinfected C:\Program Files\Cain\Abel.exe
Adware:Adware/WebHancer Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\052A8F01-DFFB-4A9A-ACE4-AF9E2A\63470EFD-80E8-47C5-847E-5996EF
Adware:Adware/WebHancer Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\052A8F01-DFFB-4A9A-ACE4-AF9E2A\F026C8A2-1835-42CC-B7FD-FBAA76
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-1144839148-3113373184-1531724324-1006\Dc2.exe


And here is my new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 3:39:06 AM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
C:\WINDOWS\system32\Ascentive\abbg32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\Ascentive\csrss.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Douglas\aim.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\system32\Ascentive\bwuu32.exe
C:\WINDOWS\system32\Ascentive\MSOTL.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\AOL\1124370153\ee\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Douglas\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C0C5699C-C9DD-BB4C-7399-A1FD1C34A6A9} - (no file)
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\PCSecurityShield\Shieldfirewall\webflt.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.4.0\FETB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [PhilipsRemote] "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe"
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\PCSecurityShield\Shieldfirewall\FWMain.exe
O4 - HKLM\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124370153\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VrProxyc] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyc.exe
O4 - HKLM\..\Run: [VrProxyd] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrproxyd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Douglas\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ABBG] C:\WINDOWS\system32\Ascentive\abbg32.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Douglas\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Douglas\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.dwisp.net
O15 - Trusted Zone: http://www.fraudeliminator.com
O15 - Trusted Zone: http://*.kfi640.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110572446546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FWCOM - PCSecurityShield, Inc. - C:\Program Files\PCSecurityShield\Shieldfirewall\FWCOM.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe


I can see the spyware that I can remove myself. At least, I'll try for now. Again, thanks so much for your help.

#6
loophole
    Malware Expert

  • Retired Staff
  • 9,798 posts
This can be cleaned easily

Do you know about this program C:\Program Files\Cain\Abel.exe

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

#7
dougthemusicman
    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Many thanks again. Took your advice and used the above program. Quick and simple and works great. Also, I do know what Cain is: I used it to find passwords my daughter tried to hide from me. Found 'em and caught her red-handed. Should I delete the program or is there any danger in having it installed?

#8
loophole
    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, you should be good to go. You can keep the Cain program if you wish. We just like to point it out anytime someone has a program like that, just in case you didn't install it :tazz:

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Anti-virus - An anti-virus is a must; here are a few good free ones.

  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#9
dougthemusicman
    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I'll be darned. You were 100% right. Everything is gone. Every scan comes up perfectly clean and I took your advice on the downloads. The only thing I noticed about the Marina Marissa Melissa Mona (or whatever it's called) IM program is that I cannot text message a mobile phone from my PC as I normally do on Yahoo IM or MSN IM. The program did not import that contact information. Can't have everything, though. Still, it's definitely worth it.

I cannot thank you enough for your assistance and expertise. Tax return comes this Friday and I'll be making a donation for certain. Very thoughtful and kind to do what you do. Thanks again for your valuable time.

DR

#10
loophole
    Malware Expert

  • Retired Staff
  • 9,798 posts
You're very welcome :tazz:

#11
loophole
    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.