Darksma


15 replies to this topic

#1 sreylavender209
  • Members
  • 8 posts

Posted 12 April 2007 - 05:02 AM

Hi! I've read some of the forums about darksma and it appears as though everybody's case is different. I first encountered darksma this weekend. I don't exactly know how my computer was infected because it's shared by me and my two siblings. I do know that I frequent myspace and youtube. My brothers do the same and they also go on limewire and one of them downloads games often, despite my warnings. Could any one of these be the cause? As far as performing maintenance on my computer, I do it on a routine basis. Currently I have 3 different antispywares: AT&T Yahoo! Online Protection antispyware, Ad-Aware, and Spybot. I scan for spyware using all 3 and the AT&T Yahoo! Online Protection is the only one that detects Darksma. However, even after removing it several times, Darksma is still there. I've been seeing annoying pop-ups that open in both Internet Explorer and Firefox and it's driving me nuts. And even after changing my internet security options, the ads still appear. I'm really afraid that Darksma is more malicious than just opening pop-ups. Please help me get rid of it or whatever it is that's causing this problem. I'd appreciate it.


Logfile of HijackThis v1.99.1
Scan saved at 2:17:14 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\arservice.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37fdfffa-0ebb-4186-92e3-9a184940ef98} - C:\WINDOWS\system32\irpdsf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tmp92F.tmp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm082YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...9791af570c587af
O20 - Winlogon Notify: irpdsf - C:\WINDOWS\SYSTEM32\irpdsf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe



#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 12 April 2007 - 05:28 AM

Welcome to the BleepingComputer HijackThis forum sreylavender209 :thumbsup:

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\irpdsf.dll
C:\WINDOWS\system32\tmp92F.tmp.dll


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.


After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

************************

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\WinFlyer32.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\WinFlyer32.dll
Then click on 'Send'.
Post the results into your next reply please.

Also post a new HijackThis log please.

#3 sreylavender209
  • Topic Starter
  • Members
  • 8 posts

Posted 12 April 2007 - 02:10 PM

Hi RichieUK! Thanks for assisting me. I downloaded Killbox and did as told. And below is the log for it.

Pocket Killbox version 2.0.0.648
Running on Windows XP as HP_Administrator(Administrator)
was started @ Thursday, April 12, 2007, 11:35 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\irpdsf.dll


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\tmp92F.tmp.dll


I Rebooted @ 11:36:29 AM
Killbox Closed(Exit) @ 11:36:31 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as HP_Administrator(Administrator)
was started @ Thursday, April 12, 2007, 11:38 AM



However, there was a problem when I tried to browse for winflyer32.dll on http://virusscan.jotti.org/ . I kept checking to see whether or not I was in the wrong folder and I was sure I wasn't. I couldn't find winflyer32.dll. This is probably my fault as last night I removed winflyer from the control panel using add/remove program after seeing it on the HijackThis log. I'm sorry. I thought this would help me fix the problem but it didn't. I want to mention also that after I removed winflyer32.dll, a dialog box appears every time I start the computer. It says that winflyer32.dll could not be found.

Anyway, below is the latest HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 11:46:38 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DISC\DiscGui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37fdfffa-0ebb-4186-92e3-9a184940ef98} - C:\WINDOWS\system32\irpdsf.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tmp92F.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm082YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...9791af570c587af
O20 - Winlogon Notify: irpdsf - irpdsf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#4 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 12 April 2007 - 04:23 PM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {37fdfffa-0ebb-4186-92e3-9a184940ef98} - C:\WINDOWS\system32\irpdsf.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tmp92F.tmp.dll (file missing)
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm082YYUS
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...9791af570c587af
O20 - Winlogon Notify: irpdsf - irpdsf.dll (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

Post the AVG Anti-Spyware report, the BitDefender Online Scanner log, and a new HijackThis log into your next reply.
Let me know how your pc is running now please.
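The entries RichieUK singled out in the logs above (unnamed BHOs loading from system32, a Run value named after its own DLL, an unnamed ActiveX download, a non-stock Winlogon Notify package, and hooks whose files are already gone) follow patterns a helper reads off a HijackThis log by eye. The script below is an added example, not the forum's or HijackThis's own code, that encodes those triage rules over a constructed subset of this thread's log lines; the rules, the `KNOWN_NOTIFY` allowlist of stock Windows XP Winlogon Notify packages and the `ADWARE_HOSTS` list are my assumptions for illustration, not a definitive verdict.

```python
"""Heuristic triage of HijackThis v1.99.1 log lines (added example, not the
forum's or HijackThis's own code).  The rules encode the judgement calls the
helper in this thread made when picking entries to fix; they are assumptions
for illustration, not a definitive verdict."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumed allowlist: stock Winlogon Notify packages on Windows XP SP2
# (HJT hides most of these; WgaLogon is added by Windows Genuine Advantage).
KNOWN_NOTIFY = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Hosts the thread's helper treated as adware sources (taken from the logs above).
ADWARE_HOSTS = ("zangocash.com", "mywebsearch.com")

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
SYSTEM32_DLL_RE = re.compile(r"system32\\(?P<dll>[^\\\s\",]+\.dll)", re.IGNORECASE)
HOST_RE = re.compile(r"https?://(?P<host>[^/\s]+)")
RUN_VALUE_RE = re.compile(r"\[(?P<name>[^\]]+)\]")

# Constructed sample: a subset of the entries quoted in this thread's logs.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37fdfffa-0ebb-4186-92e3-9a184940ef98} - C:\WINDOWS\system32\irpdsf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tmp92F.tmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...9791af570c587af
O20 - Winlogon Notify: irpdsf - C:\WINDOWS\SYSTEM32\irpdsf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _system32_dll(body: str) -> Optional[str]:
    """Lower-cased basename of a DLL loaded from system32, if the entry has one."""
    m = SYSTEM32_DLL_RE.search(body)
    return m.group("dll").lower() if m else None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per HJT line that matches a triage rule."""
    findings: List[Finding] = []
    flagged_dlls: Set[str] = set()  # DLLs already flagged, for cross-entry correlation
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        dll = _system32_dll(body)
        host = HOST_RE.search(body)

        # Rule 1: orphaned hooks, the entries HJT itself can safely remove.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(sec, "hook points at a missing file", line))
        # Rule 2: any entry (O8 context menu, O16 ActiveX download) from a known adware host.
        elif host and host.group("host").lower().endswith(ADWARE_HOSTS):
            findings.append(Finding(sec, f"references adware host {host.group('host')}", line))
        # Rule 3: vendor BHOs carry a name and live under Program Files; an unnamed
        # BHO loading from system32 (irpdsf.dll, tmp92F.tmp.dll here) is the pattern
        # the helper had deleted on reboot.
        elif sec == "O2" and body.startswith("BHO: (no name)") and dll:
            findings.append(Finding(sec, f"unnamed BHO loading {dll} from system32", line))
            flagged_dlls.add(dll)
        # Rule 4: a Run value named after the very DLL it hands to rundll32
        # ([WinFlyer32.dll]) is how the adware in this thread registered itself.
        elif sec == "O4" and "rundll32" in body.lower() and dll:
            value = RUN_VALUE_RE.search(body)
            if value and value.group("name").lower() == dll:
                findings.append(Finding(sec, f"Run value named after its own DLL {dll}", line))
                flagged_dlls.add(dll)
        # Rule 5: legitimate DPF entries carry a class name in parentheses after the GUID.
        elif sec == "O16" and not re.search(r"\}\s+\(", body):
            findings.append(Finding(sec, "ActiveX download with no class name", line))
        # Rule 6: a Winlogon Notify package outside the stock set; worse if it is the
        # same DLL as a flagged BHO, as irpdsf.dll is in this log.
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                reason = f"non-stock Winlogon Notify package '{name}'"
                if dll in flagged_dlls:
                    reason += " (same DLL as a flagged BHO)"
                findings.append(Finding(sec, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the constructed sample the script flags exactly the six entries RichieUK listed for fixing and leaves the Adobe, Spybot, NVIDIA and WgaLogon entries alone; the allowlist and host list would need extending for logs from other machines.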

#5 sreylavender209
  • Topic Starter
  • Members
  • 8 posts

Posted 12 April 2007 - 08:34 PM

RichieUK,

I've done all that you told me to do above. My computer seems to be free of those annoying pop-ups I mentioned earlier. I even scanned for spyware using the AT&T Yahoo! Online Protection anti-spyware and darksma is no longer there. However, I would like to know whether or not my problem is completely fixed. Below are the report and logs you said to post. Thanks for helping me.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:36:41 PM 4/12/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp504.tmp.exe -> Downloader.Agent.bjk : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp571.tmp.exe -> Downloader.Agent.bjk : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp914.tmp.exe -> Downloader.Agent.bjk : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.313:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.367:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.463:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4EE.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq626.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dada.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paidmarketingpanel.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@psu.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.61:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.77:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4EF.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq579.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F0.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57A.tmp -> TrackingCookie.Atdmt : Cleaned.
:mozilla.550:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.551:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.552:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.615:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F1.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57B.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD36.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@news.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51D.tmp -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.126:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.127:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.128:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.129:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F2.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A6.tmp -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.156:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.157:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.66:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.67:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.70:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.100:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.101:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.102:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.94:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.99:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57D.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F3.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57E.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq629.tmp -> TrackingCookie.Findwhat : Cleaned.
:mozilla.188:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.189:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62A.tmp -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.192:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.193:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.533:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.534:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.625:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.gamershell[2].txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.209:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.210:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.629:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.630:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.631:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.632:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57F.tmp -> TrackingCookie.Hitbox : Cleaned.
:mozilla.221:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.222:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.593:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.594:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.595:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.597:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.598:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.599:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq523.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq580.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.603:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.604:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.605:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.366:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.375:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.649:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.79:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62C.tmp -> TrackingCookie.Pointroll : Cleaned.
:mozilla.405:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.406:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.407:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD37.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@guide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@messagesignup.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@radio.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realguide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.429:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.430:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.431:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F4.tmp -> TrackingCookie.Realmedia : Cleaned.
:mozilla.440:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.441:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.442:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.443:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.444:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.445:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.446:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.447:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.535:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.173:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.174:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.175:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.176:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.177:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57C.tmp -> TrackingCookie.Ru4 : Cleaned.
:mozilla.113:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.454:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.455:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.456:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.457:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.458:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.468:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.76:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq581.tmp -> TrackingCookie.Statcounter : Cleaned.
:mozilla.476:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.477:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.478:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.537:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.538:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62D.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62E.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.488:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.489:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.490:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.491:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.492:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.493:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.494:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F5.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq582.tmp -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.496:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F6.tmp -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.432:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.433:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.434:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.435:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.436:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.586:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.523:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.524:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.525:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.526:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.527:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.528:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.529:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.530:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\69ct7sn3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq516.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F7.tmp -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq630.tmp -> TrackingCookie.Zedo : Cleaned.
C:\!KillBox\tmp92F.tmp.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp50C.tmp.exe -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp92F.tmp.exe -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0072944.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp509.tmp.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp572.tmp.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp925.tmp.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

____________________________________________________


BitDefender Online Scanner

Scan report generated at: Thu, Apr 12, 2007 - 18:01:52

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time: 01:07:34
Files: 672169
Folders: 7897
Boot Sectors: 3
Archives: 17300
Packed Files: 64983

Results

Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info

Virus Definitions: 485673
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\!KillBox\irpdsf.dll
    Infected with: Trojan.Downloader.ConHook.AI
    Disinfection failed
    Deleted

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ClnAbot\ClnAbot.com
    Infected with: DeepScan:Generic.Malware.G!SMPPkg.68C91F85
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP215\A0072943.dll
    Infected with: Trojan.Downloader.ConHook.AI
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP216\A0073013.dll
    Infected with: Trojan.Downloader.ConHook.AI
    Disinfection failed
    Deleted

C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
    Infected with: Trojan.Dloader.BAK
    Disinfection failed
    Deleted


Logfile of HijackThis v1.99.1
Scan saved at 6:27:45 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#6 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 April 2007 - 03:21 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Exit Hijackthis.

*******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

#7 sreylavender209

  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2007 - 03:40 AM

Before I use Hijackthis to perform the fix, do I need to run it in safe mode? Previously, you had me run it in safe mode. Is there a difference?

#8 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 April 2007 - 03:48 AM

Before I use Hijackthis to perform the fix, do I need to run it in safe mode?

No, just run it in regular Windows please :thumbsup:

#9 sreylavender209

  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2007 - 04:59 AM

Hi RichieUK,

I've fixed the last 2 things you told me to do with Hijackthis. Afterwards, I performed disk cleanup as you instructed. Lastly, I deleted my older version of Sun Java and installed the newer version. Below is the latest Hijackthis log. I think my problem has been resolved. Again, I thank you very much for taking the time to help me. Throughout the whole process, I've learned a lot about my computer. Hopefully this kind of thing won't ever happen again. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 2:48:15 AM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#10 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 April 2007 - 07:16 AM

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

Fix these harmless entries:
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -


Exit Hijackthis, restart your pc and then re-enable Spybot's protection.
No need to post a new log, you're good to go.
:thumbsup:

#11 sreylavender209

  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2007 - 10:44 AM

RichieUK,

I did as you said. I disabled Spybot S&D's protection, rebooted the computer and fixed the 3 things you mentioned. However, when I looked at the Hijackthis log, I still saw the 3 items. What should I do? Should I fix them again?

Also, I have a problem with viewing the words in the Spybot dialog box. When looking at the balloon on my taskbar every time I exit a Spybot dialog box, it tells me that I've denied a registry change or something like that. Do you know what it says exactly in the box? I just want to be able to see which option I'm choosing.

Anyway, below is the latest log. As I've mentioned, the 3 items you told me to fix are still there.

Logfile of HijackThis v1.99.1
Scan saved at 8:31:12 AM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Edited by sreylavender209, 13 April 2007 - 10:45 AM.


#12 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 13 April 2007 - 12:01 PM

Go to Start/Control Panel/Add or Remove Programs and remove/uninstall Spybot Search and Destroy, then restart your pc.

Now have Hijackthis fix:
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
Exit Hijackthis.

If those entries are now gone, download/install Spybot S&D from here:
http://www.safer-networking.org/en/index.html

Let me know how your pc is running now please.

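The check RichieUK asks for ("have Hijackthis fix" the three O16 entries, then confirm "those entries are now gone") can be done mechanically on the log text. The following is an added example for this thread, not code from HijackThis, from BleepingComputer or from anyone in the thread. It parses O15 (Trusted Zone) and O16 (DPF, the Downloaded Program Files / ActiveX registrations IE installed from a codebase URL) lines, marks an O16 entry with no codebase (the orphaned Java Plug-in registrations above) as safe to fix, marks remote ActiveX sources and wildcard trusted-zone entries as worth a look, and diffs a before/after log. The sample log lines are copied from this thread (the entries with truncated URLs are left out); the line-format regexes are assumptions about how HJT v1.99.1 prints these sections.

```python
"""Triage helper for HijackThis v1.99.1 O15/O16 log entries.

Added example for this thread; it is not HijackThis code and not the
Malware Response Team's own tooling.  It parses the O15 (Trusted Zone)
and O16 (DPF: Downloaded Program Files, i.e. ActiveX controls IE fetched
from a codebase URL) lines, flags what a log reader looks at, and diffs a
before/after log the way "if those entries are now gone" is checked by
hand.  The sample lines are copied from the thread; the line-format rules
(regexes below) are assumptions about how HJT prints these sections.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Any HJT entry: "<section> - <payload>", e.g. "O16 - DPF: {CLSID} (Name) - URL".
_LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<payload>.*)$")
# O16: CLSID, display name (may itself contain parentheses), " - ", codebase.
# A registration whose codebase has gone (uninstalled Java plug-in) ends in "-".
_O16_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\) -\s*(?P<codebase>.*)$"
)
# O15: host pattern plus the hive the zone mapping sits in (HKLM or HKCU).
_O15_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)(?: \((?P<hive>\w+)\))?$")


@dataclass(frozen=True)
class Entry:
    section: str
    payload: str
    raw: str


@dataclass(frozen=True)
class Finding:
    action: str   # "fix": dead registration, safe to tick in HJT; "review": look at it
    reason: str
    entry: Entry


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per 'Oxx - ...' / 'Rx - ...' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["payload"], line.strip()))
    return entries


def flag_entries(entries: List[Entry]) -> List[Finding]:
    """Classify O15/O16 entries.  Everything else in the log is left alone."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "O16":
            m = _O16_RE.match(e.payload)
            if m is None:
                findings.append(Finding("review", "O16 line did not parse", e))
            elif not m["codebase"]:
                # Orphaned DPF registration: nothing left to download or run.
                findings.append(Finding("fix", f"stale DPF registration with no codebase: {m['name']}", e))
            elif m["codebase"].lower().startswith(("http://", "https://")):
                host = m["codebase"].split("/")[2]
                findings.append(Finding("review", f"ActiveX control installed from {host}", e))
        elif e.section == "O15":
            m = _O15_RE.match(e.payload)
            if m and "*" in m["host"]:
                hive = m["hive"] or "HKCU"
                findings.append(Finding("review", f"wildcard Trusted Zone entry {m['host']} ({hive})", e))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """(lines gone after the fix, lines that newly appeared), in log order."""
    b = [e.raw for e in parse_log(before)]
    a = [e.raw for e in parse_log(after)]
    return [x for x in b if x not in a], [x for x in a if x not in b]


# Constructed from the O15/O16 lines in this thread (truncated URLs left out).
BEFORE_LOG = r"""
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
"""
AFTER_LOG = r"""
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(f"== {label} ==")
        for f in flag_entries(parse_log(log)):
            print(f"  [{f.action}] {f.reason}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", added)
```

On the before log this reports the three Java Plug-in registrations as "fix" and the trymedia.com wildcard plus the taxsimple.com RDP control as "review"; on the after log only the two "review" items remain and the diff lists exactly the three removed lines, which is the "are now gone" condition in the post above. A local-path codebase such as the Yahoo! Yinsthelper.dll is not flagged, since the control was installed from disk rather than fetched from a site.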
#13 sreylavender209 (Topic Starter, Members, 8 posts)

Posted 13 April 2007 - 03:34 PM

I removed Spybot, fixed the 3 Java plug-in updates with Hijackthis, and then reinstalled Spybot. Below is the latest Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:14 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149531415312
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

#14 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 13 April 2007 - 03:58 PM

Your log is clean and you're good to go :thumbsup:

#15 sreylavender209 (Topic Starter, Members, 8 posts)

Posted 13 April 2007 - 04:10 PM

I can't thank you enough for this. :thumbsup: