Isearch removal help needed[RESOLVED]


  • This topic is locked

#16
Chuck521

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Don,

I found the way to the free PandaActiveScan. It was, of course, on the first page of "start here" if you are having a Malware problem. Here is the log:



Blessings and More Thanks - Chuck
  • 0

#17
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Chuck, if you could post a link to the topic of bookie's please.

Need you to go to Add/Remove programs, search for and remove if found:

SaveNow
PortalScan
Xupiter
FunWebProducts
VBouncer
TVMedia

And any other program you don't recognize.

Next,

Go Here, download and install Cleanup!
Open up the program and click on the cleanup button. Let it do its thing.
It will ask you to reboot; do so.
When the computer restarts it will open again and finish running; allow it to do so please.


Next,
Please download and install AD-Aware.
Check Here on how to set up and use it - please make sure you update it first.
Make sure you have checked Ad-aware for updates, then run a scan with it. Have it fix all it finds.
Restart your computer.

Next,

Rescan with Active scan again. Let us know what it finds and post back a fresh HJT log please.
  • 0

#18
Chuck521

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Don,

I tried to drag the heart icon into this message and it just took me over to his thread. If you type "bookie" into the Geekstogo search box, it will bring him right up (along with this thread of course). Apparently you don't have too many bookies preying on the public here :tazz:. I will now go and remove those programs. Blessings - C.

Edited by Chuck521, 23 April 2005 - 02:26 PM.

  • 0

#19
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thank you
  • 0

#20
Chuck521

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Again Don,

None of the programs you specified were in the Add/Remove section. Remember, you're asking an old man with a memory that gets shorter every day to remove all the programs he doesn't recognize. That's truly scary. I don't want to remove anything, for instance, which wouldn't let me play my Pogo games, especially the Texas Hold-em Poker. Also, there may be a number of things that I should recognize but don't. I'll give you a list of what's in there, triple asterisk the ones I'd worry about removing, and let you tell me if there are any others I shouldn't remove. How's that?

These are the programs I know nothing at all about:

Betty Bad

Blackhawk Striker

Blasterball 2

Blasterball Wild

Broadband Blaster Interface

Coloreal ***

Dark Orbit

Display Utility ***

easy Internet sign-up ***

Intervideo WinDVD Player ***

KBD

Learn2Player (uninstall only)

Lernout & Hauspie Truvoice American English TTS Engine

Market Browser

NVIDIA WINDOWS 2000/XP Display Drivers ***

Pig Pen

PS2

Pure Networks Port Magic

Python 2.2 combined Win32 extensions

Python 2.2.1

Record Now

Record No Update Manager

S3 Display
S3 Gamma2
S3 Info 2
S3 Overlay

Simple Installer ***

Snowboard Extreme

Space Rocks

Viewpoint Media Player ***

Virtual Warfare

Web Offer

Wild Tangent Channel Manager

Since it would probably be pointless to do the scans you suggested until I remove most of the above, I'll await your okay to proceed with removing them. More Thanks & Blessings - C.

Edited by Chuck521, 23 April 2005 - 02:32 PM.

  • 0

#21
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
That's fine, Chuck.
If you have already run Cleanup, please run the Active scan.

I found bookie's post.
Thank you
  • 0

#22
Chuck521

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Don,

I removed all the files but the triple asterisked ones, my PC was still operating normally :tazz: Then I went through the clean-up which removed some eight thousand and some files. My PC is still operating normally ;) I ran the Ad-Aware SE with latest updates - NO NEW CRITICAL OBJECTS FOUND!

Now I'm running the Panda Active Scan (that's the really long one). After the first 100,000 files checked there were 14 "infected." When you say, let us know what happened, do you want a copy of the whole scan as before or just the summary of infected files found? Is there anything I should do with that program after it informs me of the files infected? It doesn't seem to take care of very many of them.

After the Active Scan, I'll run another HJT and plunk it in this thread. More Thanks & Blessings - Chuck
  • 0

#23
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Chuck,
You can post back what it finds.
It does disinfect some but not all.
I'll be looking for your fresh HJT log and results from the Active scan.
  • 0

#24
Chuck521

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Don,

Okay, here are the ActiveScan results, and at the end of those, the HJT log.


HJT log starts Here:


Logfile of HijackThis v1.99.1
Scan saved at 6:36:43 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\Owner\My Documents\Computing stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107160081\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MsnFixer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game5.pogo.co...s-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol....ne/aolcinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

More Thanks & Blessings - Chuck
  • 0

#25
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK Chuck, let's see if we can get this cleaned up now.

Download the following program. They have a free version you can download.

Ewido Security Suite
http://www.ewido.net/en/

Be sure to get the updates first before scanning. Close out the program.


Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Next, reboot into SAFE MODE. Make sure you can view all Hidden Files/Folders, then search for and delete the files highlighted in BOLD:

C:\WINDOWS\svcproc.exe
C:\WINDOWS\Downloaded Program Files\WUInst.inf
C:\Program Files\stc <--Folder
C:\Program Files\Sqwire <--Folder
C:\Program Files\FunWebProducts <--Folder
C:\Documents and Settings\All Users\Application Data\VBouncer
C:\Program Files\TV Media <--Folder
C:\Documents and Settings\Owner\Favorites\Gambling
C:\WINDOWS\isrvs
C:\WINDOWS\Bolger.dll
C:\WINDOWS\delprot.ini
C:\WINDOWS\iconu.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\system\UpdInst.exe
C:\WINDOWS\system32\f3pssavr.scr
C:\WINDOWS\system32\nsvsvc <-- nsvsvc Folder Not the System32 folder

While still in safe mode, open Ewido Security Suite and run a scan with it please.


Restart your computer.

Post back a fresh log please.
  • 0



#26
Chuck521

Chuck521

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Don, I took the bull by the horns and checked all the things you put in your last post for me to check on the HJT scan, even though on the first 4 there was something after the equal signs. Hope that was okay. The only three objects of those you wanted me to delete in the safe mode that were there were in the Documents and Settings files, i.e. VBouncer and Gambling, and that Isrvs file, which I was delighted to get rid of. :tazz:

I ran the Ewido Security Suite in safe mode and got 3 or 4 alerts to clean only.

Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:47:34 AM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Owner\My Documents\Computing stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107160081\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MsnFixer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game5.pogo.co...s-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol....ne/aolcinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Blessings - Chuck

Edited by Chuck521, 24 April 2005 - 05:01 AM.

  • 0

#27
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good deal Chuck, looking much better.
Computer seem to be running better?

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

System Startup Service

or

SvcProc

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service". A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SvcProc
Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.
  • 0
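The fix-delete-rescan cycle above leaves exactly the leftover that post #27 deals with: an O23 service entry whose binary is gone. As an added example (not part of the thread and not a HijackThis feature), this Python script diffs two HijackThis scans and lists services marked `(file missing)`; the function names are hypothetical and the sample lines are excerpted from the two logs posted above.

```python
import re
from typing import NamedTuple

# R*/O* result lines look like "O23 - Service: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Optional short service name in the last parenthetical of the label.
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]*)\)$")
MISSING = " (file missing)"


class Service(NamedTuple):
    display: str
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_entries(log_text):
    """Return the set of (section, body) tuples for every R*/O* line in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_service(body):
    """Split an O23 body into display name, service name, owner and path."""
    if not body.startswith("Service: "):
        return None
    rest = body[len("Service: "):]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[:-len(MISSING)]
    parts = rest.rsplit(" - ", 2)          # label - owner - path
    if len(parts) != 3:
        return None
    label, owner, path = parts
    m = LABEL_RE.match(label)
    display, name = (m.group("display"), m.group("name")) if m else (label, label)
    return Service(display, name, owner, path, missing)


def _normalize(entries):
    # Ignore the "(file missing)" suffix so an orphaned service is not
    # reported as one entry removed plus one entry added.
    return {(c, b[:-len(MISSING)] if b.endswith(MISSING) else b) for c, b in entries}


def diff_scans(before_text, after_text):
    """Return (removed, added) entries between two scans, each sorted."""
    before = _normalize(parse_entries(before_text))
    after = _normalize(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


def orphaned_services(log_text):
    """O23 services whose registry entry survives but whose file is gone."""
    found = []
    for code, body in sorted(parse_entries(log_text)):
        svc = parse_service(body) if code == "O23" else None
        if svc and svc.file_missing:
            found.append(svc)
    return found


# Excerpts from the 4/23 and 4/24 logs in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, body)
    for code, body in added:
        print("added:  ", code, body)
    for svc in orphaned_services(AFTER):
        print("orphaned service:", svc.name, "->", svc.path)
```

Both McShield and SvcProc report "Unknown owner" in these logs, so the owner field alone does not separate the two; the `(file missing)` marker and the before/after diff are what single out SvcProc.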

#28
Chuck521

Chuck521

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Don,

No error messages, and yes, my hp pavilion is operating beautifully again. You've done a [bleep] of a fine job. Here's the HJT log with Blessings - Chuck



Logfile of HijackThis v1.99.1
Scan saved at 11:52:08 AM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\America Online 9.0\waol.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110716~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Computing stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...tr=4406001=00000409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107160081\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MsnFixer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Keno by pogo - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game5.pogo.co...s-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...l/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...usecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a.../en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol....ne/aolcinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Again, Many many thanks! :tazz:
  • 0

#29
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
My pleasure, Chuck.


Nice job, your log is clean!

Please use the following suggestions to help prevent reinfection:

Download the following program for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy. Check them for updates prior to running and run them weekly.
Same with your Anti Virus.

For an added check, run an online virus scan. You can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease, use the following program:
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remember to check Windows for updates.

Probably a good time to create a new restore point. See Here. Name it clean or something like that.
  • 0

#30
Chuck521

Chuck521

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Don,

A final big Thank You! :tazz: and an equally big Thank You to Geekstogo. It's a wonderful thing you and the others are doing here for us helpless lunks who let ourselves get invaded. I will do all that you've suggested, and say that paypal went smoothly this time. Blessings - Chuck
  • 0





