Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Does my log seem clean?


  • Please log in to reply
4 replies to this topic

#1 TinyFingaz

TinyFingaz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 26 May 2005 - 07:57 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:54:31 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\STREAM~1\Remote\zremote.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
C:\Program Files\PowerCheck\PowerCheck.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HiJackTHis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Response Class - {81A99149-F047-4090-8AAD-D11FF4EFB734} - C:\WINDOWS\system32\dae.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [StreamZap Remote] C:\PROGRA~1\STREAM~1\Remote\zremote.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AllerCalc] "C:\Program Files\AllerCalc\AllerCalc.exe" /i
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hosts Manager.lnk = C:\Program Files\HOSTS File Manager\HOSTS_Back.exe
O4 - Startup: Shortcut to Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096063582300
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.cinemanow.com/dlControl_2_9.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

BC AdBot (Login to Remove)

 


#2 jboz24

jboz24

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 26 May 2005 - 10:45 AM

TinyFingaz -- I'm working on a response now. I'll post back in a little bit with some instructions...

#3 jboz24

jboz24

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 26 May 2005 - 11:25 AM

TinyFingaz -- Things aren't looking too bad. Please run the following scans and let me know if you run into problems with any of the steps.

I. Please Launch HijackThis and place a check mark next to the following items that still exist:

R3 - Default URLSearchHook is missing
O2 - BHO: Response Class - {81A99149-F047-4090-8AAD-D11FF4EFB734} - C:\WINDOWS\system32\dae.dll

Please close all open windows except for HijackThis and then click "Fix Checked".

II. Download CCleaner

CCleaner is a tool for cleaning temporary files stored on your computer which may help improve performance. Please be careful using CCleaner and use only the functions listed below. Please download CCleaner from http://www.ccleaner.com/download118p.asp

Once installed, run CCleaner and click on the "Windows" tab.
Please Check the following:

Under Internet Explorer:
Temporary Internet Files
History
Recently Typed URLs
Delete Index.dat files

Under System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click the "Options" button (top right) and then click the "Settings" tab
Uncheck: "Only delete files older than 48 hrs." and click OK

Then click the "Run Cleaner" button (bottom right). You can exit when it is done.

III. Ad-Aware Scan:

1. Download and install Ad-Aware SE version 1.05 from http://www.download.com/3000-2144-10045910...page&tag=button
If during the install it asks to remove any older versions, allow it to do so.
2. Click on the "Earth" icon (top right) and retrieve the latest definition file.
3. Close all other programs except for Ad-Aware.
4. Select 'Use custom scanning options' and click on the 'Customize' link to the right.

  A.  Click on 'General' (on the top left) and make sure the following are checked and colored green:
      · Automatically save log-file
      · Automatically quarantine objects prior to removal
      · Safe Mode (always request confirmation)
  B.  Click on ‘Scanning’ (second from top on the left) and make sure the following are checked and colored green:
      · Scan Within Archives
      · Scan Active Processes
      · Scan Registry
      · Deep Scan Registry
      · Scan my IE favorites for banned URL’s
      · Scan my Hosts file
      · Click 'Select drives & folders to scan’ and select all of your hard drives.
  C.  Click on ‘Advanced’ (second from top on the left) and make sure the following are checked and colored green:
      · Include additional object information
      · Include environment information
      · DESELECT Include negligible objects information -- Checkbox should be red with an 'X'
  D.  Click the ‘Tweak’ button (on the bottom left):
      Expand ‘Scanning Engine’ and make sure the following are checked and colored green:
      · Unload recognized processes & modules during scan
      · Scan registry for all users instead of current user only
      Expand ‘Cleaning Engine’ and make sure the following are checked and colored green:     
      · Let Windows remove files in use at next reboot
      Expand ‘Log Files’ and make sure the following are checked and colored green:     
      · Include basic Ad-aware settings in log file
      · Include additional Ad-aware settings in log file
  E.  Click 'Proceed' in the bottom-right corner to save your settings.

6. Click ‘Next’ to begin the scan. When the scan is complete, Click ‘Next’ again. Select the 'Critical Objects' tab and select all entries. This is easily done by right-clicking in the results and selecting 'Select all objects'
7. Reboot your computer

IV. Spybot Search and Destroy:

1a. Download and install Spybot Search and Destroy version 1.3.0 from http://computercops.biz/downloads-file-108.html
1b. Download and install the Spybot Search and Destroy DSO Exploit hot fix from http://www.majorgeeks.com/download4392.html -- Please make sure Spybot is closed when you launch this. When you re-open, the version of Spybot will read 1.3.1TX
2. Click the button to ‘Search for Updates’ and then "Download Updates" should any be available.
3. Close ALL windows except Spybot S&D. Now, click on the 'Search and Destroy' icon and then click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries ‘BLACK’ entries and ‘GREEN’ entries in the window. Put a check mark beside the RED entries ONLY.
7. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
8. Reboot your computer

V. Please run the following online scan

Panda Software -- http://www.pandasoftware.com/activescan/co...n_principal.htm

Click on "Scan your PC"
A box will pop-up, click "Next"; Then, type in your email address and click "Send"
Select your Country and State/Region. Click "Start"
A message may appear asking you to agree to the installation of ActiveX components on your system, click "Yes".
Please make sure all five options are checked and then click "All my computer"
Another box will pop-up, click "Close". Your scan should then begin.
When it is finished, please click "See Report" then click "Save Report"
Please post the contents of the saved file.

VI. Please reboot your computer. Repost with a new HijackThis log and the Panda scan results

#4 TinyFingaz

TinyFingaz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 27 May 2005 - 08:29 AM

Ok here is my updated logs including panda log

Logfile of HijackThis v1.99.1
Scan saved at 9:27:07 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\PROGRA~1\STREAM~1\Remote\zremote.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackTHis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [StreamZap Remote] C:\PROGRA~1\STREAM~1\Remote\zremote.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AllerCalc] "C:\Program Files\AllerCalc\AllerCalc.exe" /i
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hosts Manager.lnk = C:\Program Files\HOSTS File Manager\HOSTS_Back.exe
O4 - Startup: Shortcut to Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096063582300
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.cinemanow.com/dlControl_2_9.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

Panda 05/27/05
Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/nCase No disinfected Local Folders\Sent Items\Re: DVD\[start.exe]

#5 jboz24

jboz24

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 28 May 2005 - 03:55 PM

Okay, just a couple more steps. Your computer looks fairly clean. I'd like you to clean up the rest of the files from the Panda scan and then run two more scans just to be sure.


I. Please delete the following files listed in RED if they still exist

Please find and delete ONLY the files listed below. There may be other files with similar names in the folders listed below, please make sure you are deleting the correct file.

C:\WINDOWS\alchem.ini
C:\WINDOWS\inf\alchem.inf
C:\WINDOWS\inf\twaintec.inf

II. Please run the following online scan

Housecall -- http://housecall.antivirus.com/housecall/start_frame.asp

Select your location and then hit "Go"
A box may appear requesting installation of an ActiveX object, allow it to do so.
After downloading any virus updates, you should place a check next to of your hard drives and in the "Auto Clean" box.
Then select "Scan".
When the scan is complete, a results box will be displayed with the option to delete the files.
Please click the delete button for all files listed in the box.

BitDefender -- http://www.bitdefender.com/scan/licence.php

Click "Start BitDefender Online Scanner..." and then "I Agree"
While the scanner loads, it may request the installation of some ActiveX objects. Allow it to do so.
Click "Click here to scan"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users