Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sysprotector And Other Pop Ups


  • This topic is locked This topic is locked
4 replies to this topic

#1 holmtalk

holmtalk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 15 May 2006 - 09:27 PM

I have been plagued by Sysprotector popups, winfixer popups - offers for adult companionship... In looking at previous logs, I have already done the following:
Installed and ran Vundofix.exe
Installed and ran ATF cleaner
Ran Panda Activescan
removed my old version of Java and installed an updated version.

This is the Vundofix log

VundoFix V4.2.74

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Scan started at 7:52:07 PM 5/15/2006

Listing files found while scanning....

C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini2

C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\mljjg.dll
Attempting to delete C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.74

Checking Java version...

Scan started at 8:27:26 PM 5/15/2006

Listing files found while scanning....


No infected files were found.

This is the Activescan.txt:

Incident Status Location

Adware:adware/block-checker Not disinfected Windows Registry
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[statse.webtrendslive.com/S002-00-7-28-167600-20431]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.www48.seeq.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.www.web-stat.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.target.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Anita\Cookies\anita@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Anita\Cookies\anita@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Anita\Cookies\anita@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Anita\Cookies\anita@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Anita\Cookies\anita@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anita\Cookies\anita@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Anita\Cookies\anita@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anita\Cookies\anita@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Anita\Cookies\anita@bfast[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Anita\Cookies\anita@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Anita\Cookies\anita@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anita\Cookies\anita@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Anita\Cookies\anita@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Anita\Cookies\anita@fastclick[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Anita\Cookies\anita@linksynergy[2].txt
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Anita\Cookies\anita@peel[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Anita\Cookies\anita@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anita\Cookies\anita@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Anita\Cookies\anita@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Anita\Cookies\anita@server.iad.liveperson[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Anita\Cookies\anita@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Anita\Cookies\anita@stats1.reliablestats[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Anita\Cookies\anita@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Anita\Cookies\anita@tribalfusion[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Anita\Cookies\anita@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Anita\Cookies\anita@www.burstbeacon[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Anita\Cookies\anita@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anita\Cookies\anita@zedo[1].txt

(I cleaned out all the cookies)

This is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:29:58 PM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Anita\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = direcwaysupport.com;192.168.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.188.120.107/activex/AxisCamControl.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - https://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {FE37B651-B02A-4001-B56B-B4AC65395365} (XFCon Class) - http://www.fxfoto.com/download/fxviewer.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Can you tell me if I am now clean or if there is anything else I need to do?
Thanks in advance!
holmtalk
:thumbsup:

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:01 AM

Posted 18 May 2006 - 06:39 PM

Hello,

Welcome to Bleeping Computer :thumbsup: You did a pretty good job there! :flowers:

Your Java shows NOT to be updated. \Java\j2re1.4.2 is VERY old.

Updating Java:
  • Go to Start > Control Panel double-click > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have the coffee cup icon next to it
    Select it and click Remove.
  • Then Download and install the newest version from here:http://www.java.com/en/download/manual.jsp
After you complete that task, use 'Control Panel > Add/Remove Programs' to remove ALL earlier versions of Sun java.

Be sure to remove the older versions, as you remain vulnerable as long as these remain on your system.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Close all browser and other windows except for HijackThis!, and click "Fix Checked".

Please download, install, and update the free version of Ewido Anti-Malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido
In your reply please post the log from Ewido and a new HijackThis log. Let me know how your computer is running.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 holmtalk

holmtalk
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 18 May 2006 - 08:04 PM

Thanks for the reply Tea! :thumbsup:

My computer is running much better

Here is the Ewido report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:53:49 PM, 5/18/2006
+ Report-Checksum: B3396E69

+ Scan result:

:mozilla.11:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\171qyiue.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\anita@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\anita@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\anita@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@www.res99[1].txt -> TrackingCookie.Res99 : Cleaned with backup


::Report End

Here is the new Hijackthis scan report:
Logfile of HijackThis v1.99.1
Scan saved at 7:58:05 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJF\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = direcwaysupport.com;192.168.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.188.120.107/activex/AxisCamControl.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - https://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {FE37B651-B02A-4001-B56B-B4AC65395365} (XFCon Class) - http://www.fxfoto.com/download/fxviewer.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Am I clean now?
Thanks again for your help :flowers: This site is very helpful!
Anita

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:01 AM

Posted 19 May 2006 - 12:46 PM

Hi Anita,

I'm glad to see you got Java updated! :thumbsup: Everything looks good and your log looks clean.

You should definitely maintain a firewall. Some good free firewalls are ZoneAlarm, or Outpost
A tutorial on understanding and using firewalls may be found here.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:01 AM

Posted 29 May 2006 - 03:38 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users