Big Spyware Problems on HP Computer [RESOLVED]



#16
hulud

hi Sari,

I am running the Panda scan right now, it's going verrry slowly... running so far for about 2 hours, I'll post the logs when it's done.

Did all the other steps above; when I rebooted into safe mode the FFC.tmp file was not there - I assume this is because of the HJT scan?

thanks


#17
hulud

hi Sari,

here are my logs:

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:53:34 PM, on 4/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Panda Activescan


Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\PROGRAM FILES\SCTA\CEUM.EXE
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\SYSTEM32\bk.exe
Adware:adware/adlogix Not disinfected C:\WINDOWS\SYSTEM32\guarnset.exe
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\ldD90A.tmp
Adware:adware/maxifiles Not disinfected C:\WINDOWS\SYSTEM32\mmxp2passion.exe
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin
Adware:adware/secure32 Not disinfected C:\secure32.html
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartloadb1.dat
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Adware:adware/yazzlesudoku Not disinfected C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yazzle Sudoku
Adware:adware/fchelp Not disinfected C:\PROGRAM FILES\EQAdvice
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\PROGRAM FILES\WinAntiVirus Pro 2006
Adware:adware/mediatickets Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\awtsp.dll
Virus:Trj/sosmyn.A Not disinfected C:\!KillBox\errorhandler.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\expload.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\real.exe
Spyware:Spyware/Dluca Not disinfected C:\!KillBox\wzdmg.exe
Virus:Trj/VB.KN Not disinfected C:\31567.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\backups\backup-20060330-065755-241.dll
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\compwiz.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{0D284675-137A-4B6A-ABC0-364F522CE88C}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{1AC3099B-0C15-4DE8-9C92-6286CE55CE1A}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{23516497-DDBE-47F0-AE67-C021F49D452E}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{2628238C-6A4B-4467-AFA0-6BAAF155D37A}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{57416304-E05F-40F5-A252-72A4CAA79E24}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{7EB81A24-2F2E-4D24-AC43-C34F8C80E7E2}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{8343E55F-785A-4BC3-B684-FCAA85C9C092}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{A9C50331-63B2-4909-9460-CCB7D0ADB347}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{B03CC8F6-5D16-4BEB-850B-80E850F1960C}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{C3893CAD-2FC1-4566-84DD-50B5058CFD04}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{D242FE06-015B-4F0A-B4EA-02FAFCCE83B6}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{D88DAE1B-819F-450F-8754-2157EC8BA229}.dll
Spyware:Spyware/Overpro Not disinfected C:\Program Files\MediaPipe\insdl.dll
Spyware:Spyware/Overpro Not disinfected C:\Program Files\MediaPipe\register.dll
Adware:Adware/PurityScan Not disinfected C:\Program Files\scta\ceum.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Yazzle Sudoku\uninstaller.exe
Adware:Adware/PurityScan Not disinfected C:\Veracruz.exe
Virus:Trj/SCBop.E Not disinfected C:\WINDOWS\CheckS02.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\IA\KE.vbs
Spyware:Spyware/DCToolbar Not disinfected C:\WINDOWS\keyboard5.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\lvcshmdA.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\pf78bb.exe
Virus:Bck/Sanyn.N Not disinfected C:\WINDOWS\sys0396137000-17.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\2.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\system32\AdService.dll
Virus:Trj/Haxdoor.HY Not disinfected C:\WINDOWS\system32\directprt.sys
Dialer:Dialer.FKM Not disinfected C:\WINDOWS\system32\dmm.exe
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\hhagyei.sys
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\hoiiyff.vxd
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\kgwwbc.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\ldD90A.tmp
Virus:Trj/Downloader.CIM Not disinfected C:\WINDOWS\system32\mmxp2passion.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\m?config.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\pre1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\pre2.exe
Virus:Trj/Agent.BPC Not disinfected C:\WINDOWS\system32\swinosag.exe
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\swinosap.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\S?mantec\S?mantec\!update-3655.0000
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\S?mantec\wuaclt.exe
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\unpack.exe
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\wizqec.exe
Adware:Adware/AdLogix Not disinfected C:\WINDOWS\system32\wizqed.exe
Virus:Trj/Haxdoor.HY Not disinfected C:\WINDOWS\system32\__delete_on_reboot__directpt.dll
Adware:Adware/Zenosearch Not disinfected C:\ZICORN001.exe


___________________________________________

again, thanks for all this help!

#18
therock247uk

Sari is away.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\bk.exe
    C:\WINDOWS\SYSTEM32\guarnset.exe
    C:\WINDOWS\SYSTEM32\ldD90A.tmp
    C:\WINDOWS\SYSTEM32\mmxp2passion.exe
    C:\WINDOWS\SYSTEM32\rk.bin
    C:\secure32.html
    C:\WINDOWS\drsmartloadb1.dat
    C:\WINDOWS\uniq
    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yazzle Sudoku
    C:\PROGRAM FILES\EQAdvice
    C:\PROGRAM FILES\WinAntiVirus Pro 2006
    C:\31567.exe
    C:\Documents and Settings\HP_Administrator\Desktop\backups\backup-20060330-065755-241.dll
    C:\Program Files\MediaPipe
    C:\Program Files\scta
    C:\Program Files\Yazzle Sudoku
    C:\Veracruz.exe
    C:\WINDOWS\CheckS02.exe
    C:\WINDOWS\IA\KE.vbs
    C:\WINDOWS\keyboard5.exe
    C:\WINDOWS\lvcshmdA.exe
    C:\WINDOWS\pf78bb.exe
    C:\WINDOWS\sys0396137000-17.exe
    C:\WINDOWS\system32\2.exe
    C:\WINDOWS\system32\AdService.dll
    C:\WINDOWS\system32\directprt.sys
    C:\WINDOWS\system32\dmm.exe
    C:\WINDOWS\system32\hhagyei.sys
    C:\WINDOWS\system32\hoiiyff.vxd
    C:\WINDOWS\system32\kgwwbc.exe
    C:\WINDOWS\system32\ldD90A.tmp
    C:\WINDOWS\system32\mmxp2passion.exe
    C:\WINDOWS\system32\pre1.exe
    C:\WINDOWS\system32\pre2.exe
    C:\WINDOWS\system32\swinosag.exe
    :\WINDOWS\system32\swinosap.exe
    C:\WINDOWS\system32\unpack.exe
    C:\WINDOWS\system32\wizqec.exe
    C:\WINDOWS\system32\wizqed.exe
    C:\ZICORN001.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Then run Panda again and post the log it makes like last time.

#19
hulud

hi therock,

I am running Panda now, ran Killbox without any errors at all.

Thanks for your reply, I will post my Panda log asap, took a few hours to run last time!

#20
hulud

Had a power outage, I'm running the Panda scan again now, will have the log asap.

#21
hulud

hi, here is my updated activescan report. thanks!

___________________________________________________________


Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\PROGRAM FILES\SCTA\CEUM.EXE
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rlvknlg.exe
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\1024\ld2C07.tmp
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\enewsletterpro1.dat
Adware:adware/yazzlesudoku Not disinfected C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yazzle Sudoku
Adware:adware/fchelp Not disinfected C:\PROGRAM FILES\EQAdvice
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\PROGRAM FILES\WinAntiVirus Pro 2006
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\Windows
Adware:adware/mediatickets Not disinfected Windows Registry
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\2.exe
Virus:Trj/VB.KN Not disinfected C:\!KillBox\31567.exe
Adware:Adware/Adservice Not disinfected C:\!KillBox\AdService.dll
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\awtsp.dll
Adware:Adware/PurityScan Not disinfected C:\!KillBox\backup-20060330-065755-241.dll
Virus:Trj/SCBop.E Not disinfected C:\!KillBox\CheckS02.exe
Virus:Trj/Haxdoor.HY Not disinfected C:\!KillBox\directprt.sys
Dialer:Dialer.FKM Not disinfected C:\!KillBox\dmm.exe
Virus:Trj/sosmyn.A Not disinfected C:\!KillBox\errorhandler.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\expload.exe
Adware:Adware/AdLogix Not disinfected C:\!KillBox\hhagyei.sys
Adware:Adware/AdLogix Not disinfected C:\!KillBox\hoiiyff.vxd
Adware:Adware/CommAd Not disinfected C:\!KillBox\KE.vbs
Spyware:Spyware/DCToolbar Not disinfected C:\!KillBox\keyboard5.exe
Adware:Adware/AdLogix Not disinfected C:\!KillBox\kgwwbc.exe
Adware:Adware/SecurityError Not disinfected C:\!KillBox\ldD90A.tmp
Adware:Adware/ConsumerAlertSystem Not disinfected C:\!KillBox\lvcshmdA.exe
Virus:Trj/Downloader.CIM Not disinfected C:\!KillBox\mmxp2passion.exe
Adware:Adware/DigInk Not disinfected C:\!KillBox\pf78bb.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\pre1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\pre2.exe
Virus:Trj/Downloader.AYV Not disinfected C:\!KillBox\real.exe
Virus:Trj/Agent.BPC Not disinfected C:\!KillBox\swinosag.exe
Virus:Bck/Sanyn.N Not disinfected C:\!KillBox\sys0396137000-17.exe
Adware:Adware/AdLogix Not disinfected C:\!KillBox\unpack.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\Veracruz.exe
Adware:Adware/AdLogix Not disinfected C:\!KillBox\wizqec.exe
Adware:Adware/AdLogix Not disinfected C:\!KillBox\wizqed.exe
Spyware:Spyware/Dluca Not disinfected C:\!KillBox\wzdmg.exe
Adware:Adware/Zenosearch Not disinfected C:\!KillBox\ZICORN001.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\compwiz.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{0D284675-137A-4B6A-ABC0-364F522CE88C}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{1AC3099B-0C15-4DE8-9C92-6286CE55CE1A}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{23516497-DDBE-47F0-AE67-C021F49D452E}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{2628238C-6A4B-4467-AFA0-6BAAF155D37A}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{57416304-E05F-40F5-A252-72A4CAA79E24}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{7EB81A24-2F2E-4D24-AC43-C34F8C80E7E2}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{8343E55F-785A-4BC3-B684-FCAA85C9C092}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{A9C50331-63B2-4909-9460-CCB7D0ADB347}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{B03CC8F6-5D16-4BEB-850B-80E850F1960C}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{C3893CAD-2FC1-4566-84DD-50B5058CFD04}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{D242FE06-015B-4F0A-B4EA-02FAFCCE83B6}.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{D88DAE1B-819F-450F-8754-2157EC8BA229}.dll
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\insdl.dll
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\register.dll
Adware:Adware/PurityScan Not disinfected C:\Program Files\scta\ceum.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Yazzle Sudoku\uninstaller.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\m?config.exe
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\swinosap.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\S?mantec\S?mantec\!update-3655.0000
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\S?mantec\wuaclt.exe
Virus:Trj/Haxdoor.HY Not disinfected C:\WINDOWS\system32\__delete_on_reboot__directpt.dll

#22
therock247uk

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\scta
    C:\WINDOWS\SYSTEM32\rlvknlg.exe
    C:\WINDOWS\SYSTEM32\1024\ld2C07.tmp
    C:\WINDOWS\enewsletterpro1.dat
    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yazzle Sudoku
    C:\PROGRAM FILES\EQAdvice
    C:\PROGRAM FILES\WinAntiVirus Pro 2006
    C:\PROGRAM FILES\COMMON FILES\Windows
    C:\Program Files\Common Files\Companion Wizard
    C:\Program Files\MediaPipe
    C:\Program Files\Yazzle Sudoku
    C:\WINDOWS\system32\swinosap.exe
    C:\WINDOWS\system32\__delete_on_reboot__directpt.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Delete the folders. (if present)

C:\!KillBox

Then post a new Hijackthis log here in a reply.
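
A way to compare the two ActiveScan reports posted above, as an added example that is not part of the original thread: it separates hits that are only copies under C:\!KillBox from files still at the same path and from known detections that came back under a new file name. The sample rows are excerpted from the two reports; treating C:\!KillBox as the folder where Killbox keeps copies of removed files, and the function and bucket names, are assumptions.

```python
import re

# One report row: "<category>:<detection> <status> <location>", where the
# location is a drive path or the literal "Windows Registry".
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<detection>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<location>[A-Za-z]:\\.*|Windows Registry)$"
)

# Assumption: Killbox keeps its copies of removed files under this folder.
KILLBOX_DIR = "c:\\!killbox\\"

# Rows excerpted from the first report in the thread (before Killbox was run).
BEFORE_SCAN = r"""
Incident Status Location
Adware:Adware/PurityScan Not disinfected C:\PROGRAM FILES\SCTA\CEUM.EXE
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartloadb1.dat
Adware:adware/mediatickets Not disinfected Windows Registry
Virus:Trj/Haxdoor.HY Not disinfected C:\WINDOWS\system32\directprt.sys
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\swinosap.exe
"""

# Rows excerpted from the second report (after the first Killbox run).
AFTER_SCAN = r"""
Incident Status Location
Adware:Adware/PurityScan Not disinfected C:\PROGRAM FILES\SCTA\CEUM.EXE
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rlvknlg.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\enewsletterpro1.dat
Adware:adware/mediatickets Not disinfected Windows Registry
Virus:Trj/Haxdoor.HY Not disinfected C:\!KillBox\directprt.sys
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\swinosap.exe
"""


def parse_report(text):
    """Return (detection, location) pairs, lower-cased so that
    'C:\\PROGRAM FILES\\SCTA' and 'C:\\Program Files\\scta' compare equal."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:  # the header row and blank lines do not match
            rows.append((match["detection"].lower(), match["location"].lower()))
    return rows


def triage(before_text, after_text):
    """Sort every location in the second scan into one of four buckets."""
    before = parse_report(before_text)
    seen_locations = {location for _, location in before}
    seen_detections = {detection for detection, _ in before}
    buckets = {"killbox_copy": set(), "persisting": set(),
               "respawned": set(), "new": set()}
    for detection, location in parse_report(after_text):
        if location.startswith(KILLBOX_DIR):
            # Copy kept by the removal tool; goes away with the folder.
            buckets["killbox_copy"].add(location)
        elif location in seen_locations:
            # Same path flagged in both scans: the removal did not take.
            buckets["persisting"].add(location)
        elif detection in seen_detections:
            # Known detection under a new file name: something re-created it.
            buckets["respawned"].add(location)
        else:
            buckets["new"].add(location)
    return {name: sorted(paths) for name, paths in buckets.items()}


if __name__ == "__main__":
    for bucket, paths in triage(BEFORE_SCAN, AFTER_SCAN).items():
        print(bucket)
        for path in paths:
            print("   ", path)
```
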

#23
hulud

hi therock,

Here is my HJT log. I did not get the PendingFileRenameOperations prompt, and I did delete the c:\!KillBox folder, as it was present.

thanks!

_____________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 6:53:30 AM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#24
therock247uk

Your log is clean :whistling:

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

#25
hulud

Thank you both for all of your help, Sari and therock, much appreciated!!!


#26
therock247uk

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.