Please Help Me Remove Dialer.dialplatform


35 replies to this topic

#1 Recluse89

Recluse89

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:03:59 AM

Posted 12 June 2006 - 03:06 AM

I've been having trouble with Dialer.Dialplatform. I get Norton telling me to scan it every 20 or 30 minutes. I scan it and delete it each time but it keeps coming back. Please help!

Here is my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 4:01:53 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: svchosts.cMapp_2F47968E9FBE - {D3150260-5753-454D-9923-26CF37C6FECC} - C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\{ECF2C21D-5D5E-43EC-93FB-86DA26590B22}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe" /SETUP:"/l0x0009"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:59 AM

Posted 17 June 2006 - 11:14 AM

Hi there and welcome to Bleeping Computer!
As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!
We look at the oldest logs first, and if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!
Thanks very much :thumbsup:
David

#3 Recluse89

Recluse89
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:03:59 AM

Posted 17 June 2006 - 12:06 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:05:46 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\TEMP\win1A34.tmp.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\T2006tmp\"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



I've also been having these two windows pop up called UL Window Seek and UL Window Url. Are those associated with the Dialer problem too or is that something different?

Edited by Recluse89, 17 June 2006 - 12:14 PM.


#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:59 AM

Posted 17 June 2006 - 12:21 PM

Hi Recluse89

Have you used Msconfig to disable start-up programs? This entry has led me to believe that:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Before we begin, could you please go to
Start / Run and type MSConfig in the 'Run' box.
When the System Configuration Utility opens,
click on the 'Startup Tab'
and make sure there is a checkmark beside each entry.
DO NOT REBOOT when asked to by Windows to complete the change.

Then post a new HJT log
David

#5 Recluse89

Recluse89
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:03:59 AM

Posted 17 June 2006 - 02:24 PM

Yes, I have used Msconfig to disable some programs. Here's the new log:



Logfile of HijackThis v1.99.1
Scan saved at 3:24:33 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\TEMP\win1A34.tmp.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [{91-19-9D-D8-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms066744-40205] C:\WINDOWS\ms066744-40205.exe
O4 - HKLM\..\Run: [ms0556744-4020] C:\WINDOWS\ms0556744-4020.exe
O4 - HKLM\..\Run: [ms04056744-402] C:\WINDOWS\ms04056744-402.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138323902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [gimmysmileys] c:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [fb6eb52a.exe] C:\WINDOWS\system32\fb6eb52a.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egtabhdA] C:\WINDOWS\egtabhdA.exe
O4 - HKLM\..\Run: [E1E2E3E7E7E7E3E] 2122232727272.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [5c0664ec.exe] C:\WINDOWS\system32\5c0664ec.exe
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\T2006tmp\"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
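
The inference in post #4, reproduced as an added example (not part of the thread and not HijackThis's own code): a Run value named MSConfig that launches `MSConfig.exe /auto` means startup items are disabled and therefore missing from the log, and comparing the O4 lines of the two logs shows what re-enabling them exposed. The log excerpts are copied from posts #3 and #5; the function names are illustrative.

```python
import re
from typing import List, NamedTuple


class StartupEntry(NamedTuple):
    location: str  # e.g. r"HKLM\..\Run", "Startup", "Global Startup"
    name: str      # registry value name or shortcut file name
    command: str   # command line or shortcut target


# Registry form:  O4 - HKLM\..\Run: [name] command
_REG = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Shortcut form:  O4 - Startup: name.lnk = target   (also "Global Startup")
_LNK = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)


def parse_startup_entries(log_text: str) -> List[StartupEntry]:
    """Return every O4 (autostart) entry in a HijackThis log, in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = _REG.match(line) or _LNK.match(line)
        if match:
            entries.append(
                StartupEntry(match["loc"], match["name"], match["cmd"])
            )
    return entries


def selective_startup_active(entries: List[StartupEntry]) -> bool:
    """True if the MSConfig marker entry is present, i.e. some startup
    items are disabled and will not appear as O4 lines."""
    for entry in entries:
        cmd = entry.command.lower()
        if (entry.name.lower() == "msconfig"
                and "msconfig.exe" in cmd and "/auto" in cmd):
            return True
    return False


def newly_visible(before: List[StartupEntry],
                  after: List[StartupEntry]) -> List[StartupEntry]:
    """Entries in the second log that the first log did not show."""
    def key(entry):
        return (entry.location, entry.name.lower(), entry.command.lower())

    seen = {key(entry) for entry in before}
    return [entry for entry in after if key(entry) not in seen]


# Excerpt of the log in post #3 (startup items disabled via MSConfig).
LOG_POST_3 = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O20 - AppInit_DLLs: taskmgr.dll
"""

# Excerpt of the log in post #5 (all startup items re-enabled).
LOG_POST_5 = r"""
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == "__main__":
    first = parse_startup_entries(LOG_POST_3)
    second = parse_startup_entries(LOG_POST_5)
    if selective_startup_active(first):
        print("First log was taken with startup items disabled.")
    for entry in newly_visible(first, second):
        print(f"{entry.location:16} {entry.name:32} {entry.command}")
```

The diff only lists what became visible; deciding which of those entries are legitimate is still the analyst's job.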

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:59 AM

Posted 17 June 2006 - 04:41 PM

Hey there Recluse89 :thumbsup:

That's quite a lot of malware you have installed there, probably the most I've seen in a log for a whole year of doing malware removal, so congrats on that! Basically, to make life easier for both of us, I recommend that we do a few scans before trying to delete files manually and fix entries with HijackThis, as that would take ages. You do have masses of spyware/trojans, you name it, so my advice would be to keep the computer off the Internet as much as humanly possible, as your computer is most likely downloading more and more malware using the Internet without you knowing. There are a few infections that will no doubt be stubborn, so this will take a few stages. Don't worry though, I'll be behind you all the way!

I want to start by getting a list of the programs you have listed in your add/remove in the control panel; no doubt there are many entries/programs that we can delete. I want to do that before running any scans, as often the scanners can delete the uninstallers for the programs, making them very hard to uninstall. This utility "List Installed Programs" will provide a list of installed programs. It is found halfway down the page. Click on the little arrow and then the download icon that is on the new window that opens up. You can download the script and run it from your hard disk or run it without downloading.
When asked to enter the PC details, leave it blank and click OK. Ask to view the results and copy the Notepad list. Paste it in a reply to this thread.

David

#7 Recluse89

Recluse89
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Florida
  • Local time:03:59 AM

Posted 17 June 2006 - 10:00 PM

INSTALLED SOFTWARE (199) - THE-JUKEBOX - 6/17/2006 11:26:16 PM

Ad-aware 6 Professional Ver: 6.0.1.158
Adobe Bridge 1.0 Ver: 001.000.000 Installed: 6/9/2006
Adobe Common File Installer Ver: 1.00.0000 Installed: 6/9/2006
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 6/9/2006
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 6/9/2006
Adobe Reader 7.0 Ver: 7.0.0 Installed: 11/11/2005
Adobe Stock Photos 1.0 Ver: 001.000.000 Installed: 6/9/2006
Agere Systems PCI-SV92PP Soft Modem
ATI Control Panel Ver: 6.14.10.5166
ATI Display Driver Ver: 8.17-050813a1-025991C-HP
AutoUpdate Ver: 1.1
BitTorrent 4.4.1
BufferChm Ver: 53.0.13.000 Installed: 11/11/2005
CC_ccProxyExt Ver: 103.5.0.90 Installed: 11/11/2005
ccCommon Ver: 103.5.0.90 Installed: 11/11/2005
ccPxyCore Ver: 103.5.0.90 Installed: 11/11/2005
Compaq Multimedia Keyboard Software
CP_AtenaShokunin1Config Ver: 53.0.13.000 Installed: 11/11/2005
CP_CalendarTemplates1 Ver: 53.0.13.000 Installed: 11/11/2005
cp_LightScribeConfig Ver: 53.0.24.000 Installed: 11/11/2005
cp_LightScribePlugin Ver: 53.0.24.000 Installed: 11/11/2005
CP_Package_Basic1 Ver: 53.0.13.000 Installed: 11/11/2005
CP_Package_Variety1 Ver: 53.0.13.000 Installed: 11/11/2005
CP_Package_Variety2 Ver: 53.0.13.000 Installed: 11/11/2005
CP_Package_Variety3 Ver: 53.0.13.000 Installed: 11/11/2005
CP_Panorama1Config Ver: 53.0.13.000 Installed: 11/11/2005
CueTour Ver: 53.0.13.000 Installed: 11/11/2005
Destinations Ver: 53.0.13.000 Installed: 11/11/2005
DeviceFunctionQFolder Ver: 1.00.0000 Installed: 1/26/2006
DivX Ver: 6.0
DivX Converter Ver: 6.0.3
DivX Player Ver: 6.0
Doom Shareware for Windows 95
DVD Shrink 3.2
eSupportQFolder Ver: 1.00.0000 Installed: 1/26/2006
FL Studio 6
FullDPAppQFolder Ver: 1.00.0000 Installed: 11/11/2005
Google Earth Ver: 3.0.0762 Installed: 4/3/2006
High Definition Audio Driver Package - KB888111 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795) Ver: 3
Hotfix for Windows XP (KB891593) Ver: 2
Hotfix for Windows XP (KB895961) Ver: 1
Hotfix for Windows XP (KB899337) Ver: 5
Hotfix for Windows XP (KB899510) Ver: 1
Hotfix for Windows XP (KB902841) Ver: 1
HP Boot Optimizer Ver: 2.0.5.1
HP Deskjet 5400 series Ver: 5.0
HP DigitalMedia Archive Ver: 1.2 Installed: 11/11/2005
HP Image Zone 5.3 Ver: 5.3
HP Imaging Device Functions 5.3 Ver: 5.3
HP Software Update Ver: 3.0.5.001 Installed: 1/26/2006
HP Software Update Ver: 3.0.6.002 Installed: 11/11/2005
HP Solution Center & Imaging Support Tools 5.0 Ver: 5.0
HP Support Overview Ver: 1.0.0
HPDeskjet5400Series Ver: 1.00.0000 Installed: 1/26/2006
HPProductAssistant Ver: 53.0.13.000 Installed: 1/26/2006
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 11/11/2005
ImageMixer VCD/DVD2 for OLYMPUS Ver: 2.01.081
InstantShareDevices Ver: 53.0.13.000 Installed: 11/11/2005
InterVideo WinDVD Player
InterVideo WinDVD Player Ver: 5.0-B11.896
iPod for Windows 2005-10-12 Ver: 4.3.0 Installed: 1/31/2006
iPod for Windows 2005-10-12 Ver: 4.3.0 Installed: 1/31/2006
iPod for Windows 2006-01-10 Ver: 4.7.0 Installed: 2/15/2006
iPod for Windows 2006-01-10 Ver: 4.7.0 Installed: 2/15/2006
iScrobbler
IsoBuster 1.9 Ver: 1.9
iTunes Ver: 6.0.4.2 Installed: 3/1/2006
iTunes Ver: 6.0.4.2 Installed: 3/1/2006
J2SE Runtime Environment 5.0 Update 5 Ver: 1.5.0.50 Installed: 11/11/2005
jscrob2 iTunes Plug-in
LightScribe 1.4.52.1 Ver: 1.4.52.1 Installed: 11/11/2005
LiveReg (Symantec Corporation) Ver: 3.1.0
LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
Macromedia Flash Player 8 Ver: 8
Macromedia Shockwave Player Ver: 10.1.0.11
Microsoft .NET Framework 1.0 Hotfix (KB887998) Installed: 3/12/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 3/12/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Away Mode Ver: 6.0.0160.0
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) Installed: 6/3/2006
Mozilla Firefox (1.5.0.4) Ver: 1.5.0.4 (en-US)
MSRedist Ver: 1.0.0.0 Installed: 11/11/2005
Norton AntiSpam Ver: 2006.1.0.28 Installed: 11/11/2005
Norton AntiVirus 2005 Ver: 11.5.3 Installed: 11/11/2005
Norton Internet Security Ver: 1.0.0 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security Ver: 8.3.0.5 Installed: 11/11/2005
Norton Internet Security 2005 (Symantec Corporation) Ver: 8.3.0.5
Norton Security Center Ver: 2005.1.2.20 Installed: 11/11/2005
Norton WMI Update Ver: 2005.1.2.20 Installed: 11/11/2005
Norton WMI Update Ver: 2005.1.2.20 Installed: 11/11/2005
OLYMPUS Master Ver: 1.41.3000 Installed: 6/13/2006
OLYMPUS Master Ver: 1.41.3000 Installed: 6/13/2006
PhotoGallery Ver: 53.0.13.000 Installed: 11/11/2005
Power Tab Editor 1.7 Ver: 1.7.0 Installed: 2/2/2006
QuickTime Ver: 7.0.4 Installed: 1/27/2006
QuickTime Ver: 7.0.4 Installed: 1/27/2006
RandMap Ver: 53.0.13.000 Installed: 11/11/2005
Roguescanfix 1.4
Roxio Easy DVD Copy 2 Ver: 2.1.020 Installed: 5/17/2006
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 3/12/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 3/13/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB896688) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB899589) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB901190) Ver: 1 Installed: 3/17/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 11/11/2005
Security Update for Windows XP (KB904706) Ver: 2 Installed: 3/13/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 3/12/2006
Security Update for Windows XP (KB905915) Ver: 1 Installed: 3/13/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 3/13/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/11/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/11/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/11/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 3/13/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/11/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 3/13/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 3/13/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/10/2006
Shockwave Director 10.1
SkinsHP1 Ver: 53.0.13.000 Installed: 11/11/2005
SmartFTP Client 2.0 Ver: 2.0.996 Installed: 6/8/2006
SmartFTP Client 2.0 Setup Files (remove only) Ver: "2.0"
SolutionCenter Ver: 50.0.152.000 Installed: 1/26/2006
Sonic Express Labeler Ver: 2.1.0 Installed: 11/11/2005
Sonic MyDVD Plus Ver: 6.2.0 Installed: 11/11/2005
Sonic RecordNow Audio Ver: 2.0.4 Installed: 11/11/2005
Sonic RecordNow Copy Ver: 2.0.4 Installed: 11/11/2005
Sonic RecordNow Data Ver: 2.0.4 Installed: 11/11/2005
Sonic Update Manager Ver: 3.0.0 Installed: 11/11/2005
Sonic_PrimoSDK Ver: 53.0.13.000 Installed: 11/11/2005
Sony Sound Forge 8.0d Ver: 8.0.128 Installed: 6/7/2006
SoulSeek Client 156c
SPBBC Ver: 1.05.0000 Installed: 11/11/2005
Spybot - Search & Destroy 1.4 Ver: 1.4
Status Ver: 53.0.13.000 Installed: 1/26/2006
StepMania (remove only)
Symantec Network Drivers Update Ver: 5.5.1.6 Installed: 6/11/2006
SymNet Ver: 5.5.0.60 Installed: 11/11/2005
TrayApp Ver: 53.0.13.000 Installed: 1/26/2006
Trillian
Unload Ver: 5.0.0 Installed: 11/11/2005
Update for Windows Media Player 10 (KB910393) Installed: 3/13/2006
Update for Windows Media Player 10 (KB913800) Installed: 4/26/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 3/10/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 4/26/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 3/13/2006
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon Online
WavePad Uninstall
WebFldrs XP Ver: 9.50.7523 Installed: 1/27/2005
WebReg Ver: 53.0.13.000 Installed: 1/26/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 6/3/2006
Windows Media Player 11
Windows Media Player 11 Installed: 6/3/2006
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 3/12/2006
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB892050 Ver: 3 Installed: 11/11/2005
Windows XP Hotfix - KB893066 Ver: 1 Installed: 11/11/2005
Windows XP Media Center Edition 2005 KB908250 Installed: 11/11/2005
WinRAR archiver

Edited by Recluse89, 17 June 2006 - 10:27 PM.


#8 -David-


Posted 18 June 2006 - 02:55 AM

Hey there Recluse :thumbsup:

This will be the longest step of the fix, but these three scanners will reduce the number of infected files on your computer dramatically. ATF Cleaner and DrWeb are shorter scans, whilst ewido takes slightly longer. It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop, where they can be easily found, for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :flowers:

* Please download Dr Web-Cureit!
--> Save the folder to your desktop.
--> Don't run it yet.

* Please download ATF Cleaner by Atribune.
Don't run it yet.

* Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.
If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

* Double-click ATF Cleaner to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

* Run Dr Web-Cureit!
--> Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
--> It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drives.
--> A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
--> Click on the green man in the right corner, it will scan ALL your drives, hit yes to all.
--> Click 'Yes to all' if it asks if you want to cure/move the file.
--> When the scan has finished, in the menu, click file and choose save report list
--> Save the report to your desktop. The report will be called DrWeb.csv
--> Close Dr.Web Cureit.

* Open Ewido anti-malware
Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

* Please reboot back to normal mode and post a new HijackThis log and the ewido log, along with the DrWeb CureIt log.
David

Edited by D-Trojanator, 18 June 2006 - 02:56 AM.


#9 Recluse89


Posted 18 June 2006 - 08:25 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:13:45 PM, 6/18/2006
+ Report-Checksum: 97C19F8

+ Scan result:

HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO\CLSID -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO\CurVer -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO.1 -> Adware.Alexa : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
[236] C:\WINDOWS\system32\winghd32.dll -> Trojan.Agent.vg : Cleaned with backup
[284] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Cleaned with backup
[296] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Error during cleaning
[456] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Error during cleaning
[524] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Error during cleaning
[572] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Error during cleaning
[884] C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Error during cleaning
:mozilla.24:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\winghd32.dll -> Trojan.Agent.vg : Cleaned with backup


::Report End

DRweb log


pmnno.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
taskmgr.dll;C:\WINDOWS\system32;Adware.ClickSpring;Incurable.Will be deleted after reboot.;
winghd32.dll;C:\WINDOWS\system32;BackDoor.Vocc;Will be cured after reboot.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;;
71F545FEd01;C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ms4o099d.default\Cache;Trojan.DownLoader.9306;Deleted.;
srvrpe[1].exe;C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95D9A9W0;Adware.MediaTicket;;
srvyld[1].exe;C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95D9A9W0;Adware.MediaTicket;;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;;
A0035206.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP119;Adware.Yavak;;
A0040167.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.ClickSpring;;
A0040168.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.MulDrop.3839;Deleted.;
A0040169.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.MediaTicket;;
A0040193.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Popuper;Deleted.;
A0040349.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.WildMedia;;
A0040351.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Runner;Deleted.;
A0040354.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.StartPage.1298;Deleted.;
A0040372.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.DownLoader.8190;Deleted.;
A0040380.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Popuper;Deleted.;
A0040382.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;BackDoor.Generic.1219;Deleted.;
A0040384.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.Enbrow;;
A0040385.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.WildMedia;;
A0040386.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Click.1166;Deleted.;
A0040388.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.ZenoSearch;;
A0040389.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Adware.ZenoSearch;;
A0042491.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Fakealert;Deleted.;
A0042512.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Popuper;Deleted.;
A0042515.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP160;Trojan.Popuper;Deleted.;
A0043040.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP165;Trojan.Popuper;Deleted.;
A0028327.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP75;Probably BACKDOOR.Trojan;;
A0028581.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP78;Trojan.DownLoader.8190;Deleted.;
A0028766.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP82;Adware.FCAdvice;;
CheckS02.exe;C:\WINDOWS;Trojan.DownLoader.8450;Deleted.;
NDNuninstall7_22.exe;C:\WINDOWS;Adware.NewDotNet;;
gdnUS2338.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.10532;Deleted.;
rdgUS2405.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.10532;Deleted.;
BMG3b.exe;C:\WINDOWS\system32;Trojan.Ulone;Deleted.;
efccayx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
pmnno.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
taskmgr.dll;C:\WINDOWS\system32;Adware.ClickSpring;;
winghd32.dll;C:\WINDOWS\system32;BackDoor.Vocc;Will be cured after reboot.;

Logfile of HijackThis v1.99.1
Scan saved at 9:20:34 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8ec2648f2a900293b1a54e01984d7f4b\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [{91-19-9D-D8-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms066744-40205] C:\WINDOWS\ms066744-40205.exe
O4 - HKLM\..\Run: [ms0556744-4020] C:\WINDOWS\ms0556744-4020.exe
O4 - HKLM\..\Run: [ms04056744-402] C:\WINDOWS\ms04056744-402.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138323902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [gimmysmileys] c:\\gimmysmileys1.exe
O4 - HKLM\..\Run: [fb6eb52a.exe] C:\WINDOWS\system32\fb6eb52a.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egtabhdA] C:\WINDOWS\egtabhdA.exe
O4 - HKLM\..\Run: [E1E2E3E7E7E7E3E] 2122232727272.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [5c0664ec.exe] C:\WINDOWS\system32\5c0664ec.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10 -David-


Posted 19 June 2006 - 05:26 AM

Hello there,

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop, where they can be easily found, for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

* Please run the uninstaller by using the tutorial found here:
http://www.outerinfo.com/howto.html
Then Reboot! (v.important)

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste the next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

-------------------------

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
(note - if the link for combofix is not working, please try again in a few hours)

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

David

#11 Recluse89


Posted 19 June 2006 - 03:26 PM

Start Time= Mon 06/19/2006 16:23:39.81

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-19 04:26:46 126 ( A.... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\iScrobbler.ini"
2006-06-18 22:47:02 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Opera"
2006-06-18 05:13:54 ( .D... ) "C:\Program Files\ewido anti-malware"
2006-06-16 15:01:54 569396 ( ..... ) "C:\WINDOWS\system32\pmnno.dll"
2006-06-16 02:47:38 ( .D... ) "C:\Program Files\StepMania"
2006-06-13 19:50:36 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\OLYMPUS"
2006-06-13 19:41:34 ( .D... ) "C:\Program Files\OLYMPUS"
2006-06-13 19:40:40 ( .D... ) "C:\Program Files\PIXELA"
2006-06-12 02:59:24 ( .D... ) "C:\Program Files\Common Files\Panda Software"
2006-06-11 14:11:24 ( .D... ) "C:\Program Files\Roguescanfix"
2006-06-11 01:39:04 ( .D... ) "C:\Program Files\SymNetDrv"
2006-06-11 00:59:30 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\çasks"
2006-06-10 13:59:00 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM"
2006-06-09 19:50:38 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2006-06-08 21:19:50 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-08 17:07:54 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\SmartFTP"
2006-06-08 17:07:48 ( .D... ) "C:\Program Files\SmartFTP Client 2.0"
2006-06-08 17:07:34 ( .D... ) "C:\Program Files\SmartFTP Client 2.0 Setup Files"
2006-06-07 02:28:48 ( .D... ) "C:\Program Files\Sony"
2006-06-06 22:23:56 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Sonic Foundry"
2006-06-06 22:23:16 ( .D... ) "C:\Program Files\Sonic Foundry Setup"
2006-06-05 16:47:24 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Publish Providers"
2006-06-05 16:33:12 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Sony"
2006-06-05 16:28:36 ( .D... ) "C:\Program Files\Sony Setup"
2006-06-01 14:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-29 11:32:10 1496576 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-27 16:05:08 ( .D... ) "C:\Program Files\Common Files\Verizon Online"
2006-05-27 16:05:08 ( .D... ) "C:\Program Files\Common Files\Motive"
2006-05-19 11:06:04 3055104 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-18 01:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-17 16:53:34 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Roxio"
2006-05-17 15:35:40 ( .D... ) "C:\Program Files\Roxio"
2006-05-13 00:02:12 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Talkback"
2006-05-13 00:01:26 ( .D... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla"
2006-05-13 00:01:24 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-05-12 21:31:20 ( .D... ) "C:\Program Files\Trillian"
2006-05-11 04:37:26 90112 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-10 01:25:22 663552 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-10 01:25:22 615424 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:25:22 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-10 01:25:22 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:25:22 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-10 01:25:22 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:25:22 251904 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-10 01:25:22 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:25:22 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-10 01:25:22 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-10 01:25:22 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:25:22 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-10 01:25:22 15872 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:25:20 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-10 01:25:20 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-10 01:25:20 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\WdfMgr.exe"
2006-05-09 22:36:46 6656 ( A.... ) "C:\WINDOWS\system32\uWDF.exe"
2006-05-09 22:26:34 10394624 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-05-09 22:26:34 7706112 ( A.... ) "C:\WINDOWS\system32\wmploc.dll"
2006-05-09 22:26:34 1641472 ( A.... ) "C:\WINDOWS\system32\wmpencen.dll"
2006-05-09 22:26:34 1280000 ( A.... ) "C:\WINDOWS\system32\WMSPDMOE.dll"
2006-05-09 22:26:34 1063424 ( A.... ) "C:\WINDOWS\system32\WMADMOE.dll"
2006-05-09 22:26:34 992256 ( A.... ) "C:\WINDOWS\system32\WMNetMgr.dll"
2006-05-09 22:26:34 705024 ( A.... ) "C:\WINDOWS\system32\WMADMOD.dll"
2006-05-09 22:26:34 564736 ( A.... ) "C:\WINDOWS\system32\WMSPDMOD.dll"
2006-05-09 22:26:34 433152 ( ..... ) "C:\WINDOWS\system32\wmpeffects.dll"
2006-05-09 22:26:34 417280 ( A.... ) "C:\WINDOWS\system32\wmdrmdev.dll"
2006-05-09 22:26:34 337408 ( A.... ) "C:\WINDOWS\system32\wmdrmnet.dll"
2006-05-09 22:26:34 306688 ( A.... ) "C:\WINDOWS\system32\MSWMDM.dll"
2006-05-09 22:26:34 301056 ( A.... ) "C:\WINDOWS\system32\wmpdxm.dll"
2006-05-09 22:26:34 267776 ( A.... ) "C:\WINDOWS\system32\Audiodev.dll"
2006-05-09 22:26:34 237056 ( A.... ) "C:\WINDOWS\system32\wmpasf.dll"
2006-05-09 22:26:34 221696 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"
2006-05-09 22:26:34 219648 ( A.... ) "C:\WINDOWS\system32\CEWMDM.dll"
2006-05-09 22:26:34 212480 ( A.... ) "C:\WINDOWS\system32\msnetobj.dll"
2006-05-09 22:26:34 203776 ( A.... ) "C:\WINDOWS\system32\wmpsrcwp.dll"
2006-05-09 22:26:34 201728 ( A.... ) "C:\WINDOWS\system32\qasf.dll"
2006-05-09 22:26:34 165376 ( A.... ) "C:\WINDOWS\system32\MsPMSP.dll"
2006-05-09 22:26:34 155136 ( A.... ) "C:\WINDOWS\system32\wmidx.dll"
2006-05-09 22:26:34 135680 ( ..... ) "C:\WINDOWS\system32\wmpps.dll"
2006-05-09 22:26:34 97792 ( A.... ) "C:\WINDOWS\system32\wmpshell.dll"
2006-05-09 22:26:34 36864 ( A.... ) "C:\WINDOWS\system32\WMDMPS.dll"
2006-05-09 22:26:34 31744 ( A.... ) "C:\WINDOWS\system32\WMDMLOG.dll"
2006-05-09 22:26:34 26112 ( A.... ) "C:\WINDOWS\system32\MsPMSNSv.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmvdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVE.DLL"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\WMVADVD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmoe2.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wmsdmod.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\wdfApi.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MPG4DMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP4SDMOD.dll"
2006-05-09 22:26:34 4096 ( A.... ) "C:\WINDOWS\system32\MP43DMOD.dll"
2006-05-09 22:26:32 218112 ( A.... ) "C:\WINDOWS\system32\wmerror.dll"
2006-05-09 22:26:32 9728 ( A.... ) "C:\WINDOWS\system32\LAPRXY.dll"
2006-05-09 22:26:32 7168 ( A.... ) "C:\WINDOWS\system32\asferror.dll"
2006-05-09 22:22:32 2463744 ( A.... ) "C:\WINDOWS\system32\wmvcore.dll"
2006-05-09 21:28:56 ( .D... ) "C:\Program Files\DVD Shrink"
2006-05-09 21:02:02 84480 ( A.... ) "C:\WINDOWS\system32\logagent.exe"
2006-05-09 21:01:06 1463808 ( ..... ) "C:\WINDOWS\system32\WMVDECOD.dll"
2006-05-09 21:01:06 1359360 ( ..... ) "C:\WINDOWS\system32\WMVSDECD.dll"
2006-05-09 21:00:58 1455616 ( ..... ) "C:\WINDOWS\system32\WMVENCOD.dll"
2006-05-09 21:00:58 770560 ( ..... ) "C:\WINDOWS\system32\WMVSENCD.dll"
2006-05-09 21:00:58 299520 ( ..... ) "C:\WINDOWS\system32\MP4SDECD.dll"
2006-05-09 21:00:58 241152 ( ..... ) "C:\WINDOWS\system32\MPG4DECD.dll"
2006-05-09 21:00:56 636928 ( ..... ) "C:\WINDOWS\system32\WMVXENCD.dll"
2006-05-09 21:00:56 241152 ( ..... ) "C:\WINDOWS\system32\MP43DECD.dll"
2006-05-09 21:00:22 546816 ( ..... ) "C:\WINDOWS\system32\wmpmde.dll"
2006-05-09 21:00:08 382976 ( A.... ) "C:\WINDOWS\system32\MFPLAT.dll"
2006-05-09 21:00:02 1350656 ( A.... ) "C:\WINDOWS\system32\drmv2clt.dll"
2006-05-09 20:59:34 513536 ( A.... ) "C:\WINDOWS\system32\wmdrmsdk.dll"
2006-05-09 20:59:20 417280 ( A.... ) "C:\WINDOWS\system32\MSSCP.dll"
2006-05-09 20:59:18 229376 ( A.... ) "C:\WINDOWS\system32\drmupgds.exe"
2006-05-09 20:59:14 585216 ( A.... ) "C:\WINDOWS\system32\blackbox.dll"
2006-05-09 20:58:54 3745280 ( ..... ) "C:\WINDOWS\system32\WpdShext.dll"
2006-05-09 20:58:54 52224 ( ..... ) "C:\WINDOWS\system32\WPDShServiceObj.dll"
2006-05-09 20:58:54 13824 ( ..... ) "C:\WINDOWS\system32\wpdshextautoplay.exe"
2006-05-09 20:58:50 670208 ( A.... ) "C:\WINDOWS\system32\wpd_ci.dll"
2006-05-09 20:58:50 103424 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWiaCompat.dll"
2006-05-09 20:58:48 345600 ( ..... ) "C:\WINDOWS\system32\PortableDeviceApi.dll"
2006-05-09 20:58:48 188928 ( ..... ) "C:\WINDOWS\system32\PortableDeviceWMDRM.dll"
2006-05-09 20:58:48 101376 ( ..... ) "C:\WINDOWS\system32\PortableDeviceClassExtension.dll"
2006-05-09 20:58:46 343552 ( A.... ) "C:\WINDOWS\system32\WPDSp.dll"
2006-05-09 20:58:40 144896 ( A.... ) "C:\WINDOWS\system32\wpdmtp.dll"
2006-05-09 20:58:40 55808 ( A.... ) "C:\WINDOWS\system32\wpdmtpus.dll"
2006-05-09 20:58:40 35840 ( A.... ) "C:\WINDOWS\system32\wpdconns.dll"
2006-05-09 20:58:38 168960 ( ..... ) "C:\WINDOWS\system32\PortableDeviceTypes.dll"
2006-05-09 20:58:38 13312 ( A.... ) "C:\WINDOWS\system32\wpdtrace.dll"
2006-05-09 20:57:06 11264 ( ..... ) "C:\WINDOWS\system32\ehETW.dll"
2006-05-09 20:45:20 304640 ( ..... ) "C:\WINDOWS\system32\MSDelta.dll"
2006-05-09 20:00:48 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe"
2006-05-04 19:26:36 ( .D... ) "C:\Program Files\IrfanView"
2006-04-25 18:43:46 1024 ( A.... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\WavCodec.wff"
2006-04-21 21:36:46 ( .D... ) "C:\Program Files\Smart Projects"
2006-04-20 22:39:02 ( .D... ) "C:\Program Files\Lavasoft"
2006-04-20 17:55:46 ( .D... ) "C:\Program Files\WinRAR"
2006-04-20 15:12:06 188416 ( A.... ) "C:\WINDOWS\system32\BMG5.exe"
2006-04-18 05:25:38 286720 ( A.... ) "C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll"
2006-04-17 18:43:46 364544 ( A.... ) "C:\WINDOWS\system32\ALX7b.exe"
2006-04-11 14:30:44 93752 ( ..... ) "C:\WINDOWS\system32\WUDFCoinstaller.dll"
2006-04-11 14:27:18 304640 ( ..... ) "C:\WINDOWS\system32\WUDFx.dll"
2006-04-11 14:27:18 130048 ( ..... ) "C:\WINDOWS\system32\WudfHost.exe"
2006-04-11 14:26:56 54272 ( ..... ) "C:\WINDOWS\system32\WudfSvc.dll"
2006-04-11 14:26:44 158208 ( ..... ) "C:\WINDOWS\system32\WudfPlatform.dll"
2006-04-04 21:48:28 187 ( A.... ) "C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt"
2006-04-02 22:31:36 163840 ( A.... ) "C:\WINDOWS\system32\BMGi_b.exe"
2006-03-20 23:23:12 23040 ( ..... ) "C:\WINDOWS\kb913800.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"{91-19-9D-D8-ZN}"="c:\\windows\\system32\\dwdsregt.exe CORN001"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"URLLSTCK.exe"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCDrProfiler"="\"C:\\Program Files\\PC-Doctor 5 for Windows\\RunProfiler.exe\" -r"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"ms066744-40205"="C:\\WINDOWS\\ms066744-40205.exe"
"ms0556744-4020"="C:\\WINDOWS\\ms0556744-4020.exe"
"ms04056744-402"="C:\\WINDOWS\\ms04056744-402.exe"
"kVdtBOn"="\"C:\\WINDOWS\\system32\\spytiqwuy.exe\""
"kmgzdunA"="C:\\WINDOWS\\kmgzdunA.exe"
"IS CfgWiz"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1138323902\\ee\\AOLSoftware.exe"
"fb6eb52a.exe"="C:\\WINDOWS\\system32\\fb6eb52a.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"egtabhdA"="C:\\WINDOWS\\egtabhdA.exe"
"E1E2E3E7E7E7E3E"="2122232727272.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"bxxs5"="RunDLL32.EXE C:\\WINDOWS\\bxxs5.dll,DllRun"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"5c0664ec.exe"="C:\\WINDOWS\\system32\\5c0664ec.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Scbu"="\"C:\\DOCUME~1\\COMPAQ~1\\MYDOCU~1\\CROSOF~1.NET\\javaw.exe\" -vt tzt"
"Pmap"="C:\\DOCUME~1\\COMPAQ~1\\MYDOCU~1\\SMANTE~1\\RGSVR3~1.EXE"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.5.10.21\\PlaxoHelper.exe -a"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"fkkr"="C:\\PROGRA~1\\COMMON~1\\fkkr\\fkkrm.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Administrator.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Mon 06/19/2006 16:24:54.18
ComboFix ver 06.06.19 - This logfile is located at C:\ComboFix.txt














Logfile of HijackThis v1.99.1
Scan saved at 4:26:07 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [{91-19-9D-D8-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms066744-40205] C:\WINDOWS\ms066744-40205.exe
O4 - HKLM\..\Run: [ms0556744-4020] C:\WINDOWS\ms0556744-4020.exe
O4 - HKLM\..\Run: [ms04056744-402] C:\WINDOWS\ms04056744-402.exe
O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138323902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [fb6eb52a.exe] C:\WINDOWS\system32\fb6eb52a.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egtabhdA] C:\WINDOWS\egtabhdA.exe
O4 - HKLM\..\Run: [E1E2E3E7E7E7E3E] 2122232727272.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [5c0664ec.exe] C:\WINDOWS\system32\5c0664ec.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#12 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:59 AM

Posted 20 June 2006 - 05:01 AM

Hello there,
We have quite a bit to do here, but it shouldn't take too long.

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :thumbsup:

* I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

* Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

*Boot into Safe Mode (without networking support!)
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
O4 - HKLM\..\Run: [{91-19-9D-D8-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms066744-40205] C:\WINDOWS\ms066744-40205.exe
O4 - HKLM\..\Run: [ms0556744-4020] C:\WINDOWS\ms0556744-4020.exe
O4 - HKLM\..\Run: [ms04056744-402] C:\WINDOWS\ms04056744-402.exe
O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [fb6eb52a.exe] C:\WINDOWS\system32\fb6eb52a.exe
O4 - HKLM\..\Run: [egtabhdA] C:\WINDOWS\egtabhdA.exe
O4 - HKLM\..\Run: [E1E2E3E7E7E7E3E] 2122232727272.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [5c0664ec.exe] C:\WINDOWS\system32\5c0664ec.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O16 - DPF: {0ECA3EA4-4770-0FEA-B6F0-5487412755F1} - http://85.255.113.214/1/gdnUS2338.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: taskmgr.dll


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\pmnno.dll <--file
C:\WINDOWS\system32\BMG5.exe <--file
C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll <--file
C:\WINDOWS\system32\ALX7b.exe <--file
C:\WINDOWS\system32\BMGi_b.exe <--file
C:\WINDOWS\system32\ad.html <--file
C:\WINDOWS\system32\dwdsregt.exe <--file
C:\Program Files\Viewpoint <--folder
C:\Program Files\SurfSideKick 3 <--folder
C:\Program Files\netdotnet <--folder
C:\WINDOWS\ms066744-40205.exe <--file
C:\WINDOWS\ms0556744-4020.exe <--file
C:\WINDOWS\ms04056744-402.exe <--file
C:\WINDOWS\system32\spytiqwuy.exe <--file
C:\WINDOWS\kmgzdunA.exe <--file
C:\Program Files\Internet Optimizer <--folder
C:\WINDOWS\system32\fb6eb52a.exe <--file
C:\WINDOWS\egtabhdA.exe <--file
C:\WINDOWS\system32\2122232727272.exe <--file
C:\WINDOWS\bxxs5.dll <--file
C:\WINDOWS\system32\5c0664ec.exe <--file
C:\Program Files\Common Files\fkkr <--folder
C:\WINDOWS\system32\taskmgr.dll <--file
C:\Documents and Settings\Compaq_Administrator\Application Data\çasks <--folder

The following two folders are a bit more difficult to delete.

C:\Documents and Settings\Compaq_Administrator\My Documents\CROSOF~1.NET <== this folder will most probably look like micrsoft.net and contains only the file javaw.exe. Be careful here!! Because there may be two micrsoft.net folders present (unlikely) in your Windows-folder, a good and a bad one. The good one contains a lot of files. Don't delete that one!!! The bad one you have to delete only contains the file javaw.exe, also, don't delete javaw.exe anywhere else!

C:\Documents and Settings\Compaq_Administrator\My Documents\SMANTE~1 <== This folder will most likely look like Symantec, and contains the RGSVR3~1.EXE file. Only delete the folder which contains this file, and nothing else.

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")

Please reboot back to normal mode and post a new Hijackthis log.
David

#13 Recluse89


Posted 20 June 2006 - 03:57 PM

I rebooted into safe mode and signed on as ADMINISTRATOR. The desktop didn't show up. So I opened the task manager and ran HijackThis through that and deleted all the things you told me to. After that, I opened the task manager again and ran explorer.exe to make the desktop show. It asked me if I wanted to run in safe mode or system restore mode. I clicked YES for safe mode, and the desktop went away. I then signed on to my account and tried again, but with no success. So I rebooted and tried it in normal mode but I couldn't delete any of the .dll files that I found. I did the best I could, though. Here is the new HijackThis log.







Logfile of HijackThis v1.99.1
Scan saved at 4:51:38 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138323902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard1.exe
O4 - HKLM\..\Run: [gimmysmileys] c:\\gimmysmileys1.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
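
An added example, not part of the thread or of HijackThis itself: comparing the registry autorun (O4) lines of two successive HijackThis logs against the list of items that were to be fixed, to see which are gone, which survived, and which are new. The sample lines are excerpts copied from the 19 June log, the fix list in post #12 and the 20 June log; the function names are hypothetical, and only `HKLM`/`HKCU` registry lines are handled (Startup-folder O4 lines are skipped).

```python
import re

# Registry autorun line as HijackThis prints it:
#   O4 - HKLM\..\Run: [value name] command line
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')

# Excerpt of the log saved on 6/19/2006 (before the fix).
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
'''

# Excerpt of the items post #12 asked to be checked and fixed.
FIX_LIST = r'''
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [kmgzdunA] C:\WINDOWS\kmgzdunA.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
'''

# Excerpt of the log saved on 6/20/2006 (after the fix).
LOG_AFTER = r'''
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
'''


def parse_autoruns(text):
    """Map (hive, key, value name) -> command for each registry O4 line."""
    entries = {}
    for line in text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key.lower(), name)] = command
    return entries


def compare_autoruns(before, after, fix_list):
    """Classify autorun entries across two logs relative to a fix list."""
    b = parse_autoruns(before)
    a = parse_autoruns(after)
    f = parse_autoruns(fix_list)
    return {
        # Listed for fixing, present before, absent now: the fix took.
        "removed": sorted(k for k in f if k in b and k not in a),
        # Listed for fixing but still present: the fix did not stick.
        "survived": sorted(k for k in f if k in a),
        # Not in the earlier log at all: installed since the last scan.
        "new": sorted(k for k in a if k not in b),
        # Same value name, different command: entry was repointed.
        "changed": sorted(k for k in a if k in b and a[k] != b[k]),
    }


if __name__ == "__main__":
    result = compare_autoruns(LOG_BEFORE, LOG_AFTER, FIX_LIST)
    for status, keys in result.items():
        print(status.upper())
        for hive, key, name in keys:
            print(f"  {hive}\\..\\{key}: [{name}]")
```

On these excerpts the three `HKCU` entries from the fix list come back as survivors and four value names appear that the earlier log did not have, which is the condition that calls for another round of cleanup rather than a final check.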

#14 -David-


Posted 21 June 2006 - 07:08 AM

Right, I just want to check something.
Please enter the folder containing hijackthis and rename the Hijackthis program (hijackthis.exe) to "analyse.exe". Then please post a new Hijackthis log from that newly named application.
David

#15 Recluse89

Posted 21 June 2006 - 07:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:08:55 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Soulseek\slsk.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Program Installers\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26800628-BD84-4D58-8241-0743992C55A9} - (no file)
O2 - BHO: (no name) - {38336C59-1D3F-4B22-B5AC-61CAFE6DDD44} - (no file)
O2 - BHO: (no name) - {3A205220-FD76-4525-A058-8EEE057ACBC2} - C:\WINDOWS\system32\pmnno.dll
O2 - BHO: (no name) - {58977492-40F0-4A5C-9B57-A8B116F09E1D} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: svchosts.cMapp_2F47968E9FBE - {D3150260-5753-454D-9923-26CF37C6FECC} - C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138323902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad1.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard1.exe
O4 - HKLM\..\Run: [gimmysmileys] c:\\gimmysmileys1.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\CROSOF~1.NET\javaw.exe" -vt tzt
O4 - HKCU\..\Run: [Pmap] C:\DOCUME~1\COMPAQ~1\MYDOCU~1\SMANTE~1\RGSVR3~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fkkr] C:\PROGRA~1\COMMON~1\fkkr\fkkrm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O20 - Winlogon Notify: winghd32 - winghd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



