Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • This topic is locked This topic is locked
14 replies to this topic

#1 ybss

ybss

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 09 April 2006 - 06:43 AM

i recently noticed sysprotect pop ups whenever i start up internet explorer (not so when i use navigator), and my explorer.exe is running about 50% or more of my cpu. i have run ad-aware, spybot, house call, and stinger to no avail. i've run hijack this and the log is below. thank you so much for your help!

Logfile of HijackThis v1.99.1
Scan saved at 7:41:40 AM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Lauren Moir\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 09 April 2006 - 07:46 AM

Hello and welcome.. :thumbsup:

Lets get started.

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please do the following first:
  • Click on the Start button.
  • Click on the Run option.
  • In the Open: field paste the following: cmd /k sc delete $sys$aries and hit OK.
  • Please reboot.
  • Delete the following file after reboot: C:\WINDOWS\system32\$sys$filesystem\aries.sys
==

Next:

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Please run a scan with Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily. (Maybe Desktop)
  • Close Ewido Anti-Malware.
==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste it's content to this thread along with a fresh HijackThis log. :flowers:
Hi there, stranger!

#3 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 09 April 2006 - 08:16 AM

when i go to run the command line, i get a message that says:

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

and then puts me at a dos prompt.

also, the C:\WINDOWS\system32\$sys$filesystem\aries.sys is not in that file. the .sys files in that folder are crater.sys, oct.sys, and lin.sys

should i continue with the rest of the instructions still?

thank you!

Edited by ybss, 09 April 2006 - 08:25 AM.


#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 09 April 2006 - 08:29 AM

Do this first.. http://updates.xcp-aurora.com/
Hi there, stranger!

#5 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 09 April 2006 - 08:45 PM

i am still getting the same message, even with the update. should i still continue with the other steps?

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 10 April 2006 - 07:25 AM

Yes, please run Ewido. :thumbsup:
Hi there, stranger!

#7 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 11 April 2006 - 05:36 AM

ok..sorry for the late reply..

here is the report.txt from ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:23:47 AM, 4/11/2006
+ Report-Checksum: D0FFA938

+ Scan result:

:mozilla.20:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@anheuserbusch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@e-2dj6wjloeiczcgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@hbo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@volkswagen.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Lauren Moir\Cookies\lauren moir@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup


::Report End



and here is the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:32 AM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lauren Moir\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



thank you!

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 11 April 2006 - 08:35 AM

Hi again.. :thumbsup:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Check the Run VundoFix as a task box.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.

Hi there, stranger!

#9 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 11 April 2006 - 09:24 PM

okdokey, here is the vundofix.txt:


VundoFix V4.2.57

Checking Java version...

Java version is 1.4.2.3

Scan started at 10:15:49 PM 4/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp

C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\awtst.dll
Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!



and here is the new hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:43 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lauren Moir\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



thanks!

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 12 April 2006 - 07:42 AM

Ok then, lets continue. Go ahead and delete VundoFix aswell as Ewido. :thumbsup:

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
==

Then:

Please download and save Blacklight to your desktop:
  • Double-click blbeta.exe.
  • Accept the agreement.
  • Click Scan.
  • Click Next.
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there.
Hi there, stranger!

#11 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 12 April 2006 - 04:37 PM

here's the log:

04/12/06 17:32:32 [Info]: BlackLight Engine 1.0.35 initialized
04/12/06 17:32:32 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/12/06 17:32:32 [Note]: 7019 4
04/12/06 17:32:32 [Note]: 7005 0
04/12/06 17:33:08 [Note]: 7006 0
04/12/06 17:33:08 [Note]: 7011 1548
04/12/06 17:33:08 [Note]: 7026 0
04/12/06 17:33:08 [Note]: 7026 0
04/12/06 17:33:08 [Note]: FSRAW library version 1.7.1015

it said it didn't find anything hidden though..

and you didn't ask for it this time, but here's the latest hijackthis log just for kicks and giggles :thumbsup: :
Logfile of HijackThis v1.99.1
Scan saved at 5:35:52 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Lauren Moir\Desktop\blbeta.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lauren Moir\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lauren Moir\Application Data\Mozilla\Profiles\default\4bk7e82m.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


thanks!!

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 13 April 2006 - 07:32 AM

Run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

How's the system running at the moment? :thumbsup:
Hi there, stranger!

#13 ybss

ybss
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 13 April 2006 - 08:53 AM

excellent! i'm not seeing the popups when i run ie and explorer.exe isn't hogging my cpu anymore. thank you so much for all of your help!

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 13 April 2006 - 09:11 AM

You're quite welcome :thumbsup:

==

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here's some tips for future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)
Hi there, stranger!

#15 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:06 AM

Posted 16 April 2006 - 04:57 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :thumbsup:
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users