View Full Version : Follow up to archived thread #31227
Glennsco
2008-08-01, 04:07
As a follow-up to the archived thread 31227, I took the steps and I am still getting the pop-ups.
Here is my Malwarebytes Log:
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2
5:22:49 AM 7/31/2008
mbam-log-7-31-2008 (05-22-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159133
Time elapsed: 1 hour(s), 43 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Staisha\Local Settings\Application Data\gyemysc_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Staisha\Local Settings\Application Data\gyemysc_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Staisha\Local Settings\Application Data\gyemysc.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Staisha\Local Settings\Application Data\gyemysc.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262060.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262062.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262071.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262073.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262075.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262078.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262080.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262081.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262083.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262086.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262087.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262088.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262093.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262094.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262105.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262106.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1175\A0262251.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\02C97F65.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\InternetGameBox.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
and here my latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:51 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\EDUCOM TS\EAS Client\easclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EASClient] "C:\Program Files\EDUCOM TS\EAS Client\easclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?79534ae87d964799a64a900572576706
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?79534ae87d964799a64a900572576706
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.unionconcrod.org/controls/LTOCX14N.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://awamailcls2.faa.gov/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1217476356_3cc5c633c4a3665d3284b19c27d56dee&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.unionconcrod.org/controls/prntpro2.CAB
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719E194-C1CF-4F9A-808B-B88EC6E055B9} (VersionInfo Class) - http://www.zooware.com/InstallCenter/downloads/common/installcenterclient.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 16351 bytes
You asked if GE Security was AV. It is not.
--------------------------------------------------
http://forums.spybot.info/showthread.php?t=31227
http://forums.spybot.info/showthread.php?t=31253
images are provided to compare to others and help analyze.
Thanks
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
If you still require help please post a fresh HJT log along with the following
Installed Programs
Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
What problems are you having now ?
Glennsco
2008-08-10, 06:12
Thanks Katana,
Here it is.
3D Groove Playback Engine
ABBYY FineReader OCR Engine for Microtek
Adaptec UDF Reader
Addit
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5
ArcSoft ShowBiz 2
Authentium AntiVirus SDK - 2
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
Autodesk Express Viewer
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce from Hewlett-Packard Desktops (remove only)
Cannonballs from Hewlett-Packard Desktops (remove only)
coBIBLE
Cox Online Support Controls
CP210x USB to UART Bridge Controller
DisplayKEY USB Cradle version 0.7.2
EAS Client
Easy Internet Sign-up
eKEY
eSync Modem Driver
Excavation from Hewlett-Packard Desktops (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Form Fill (Windows Live Toolbar)
Form Viewer
GdiplusUpgrade
GemMaster 3 from Hewlett-Packard Desktops (remove only)
Google Earth
Google Toolbar for Internet Explorer
Hewlett-Packard Multimedia Keyboard/Mouse Solution
HijackThis 2.0.2
Honeycombs from Hewlett-Packard Desktops (remove only)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
hp deskjet 3820 series (Remove only)
HP Deskjet 8.0 Software
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 8.0
hp instant support
HP Organize
HP Photo & Imaging 3.0
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPImageZone
HPSSupply
Intel(R) Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
Intellisync® for MSN
InterVideo WinDVD Player
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 7
KBD
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Map Maker Pro 3.5
Mars Rover from Hewlett-Packard Desktops (remove only)
MathPlayer
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows Journal Viewer
Microsoft Works 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
MUSICMATCH® Jukebox
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
OpenSSL 0.9.7f
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
PayPal Plug-In
PC-Doctor for Windows
PerfectDisk
Photosmart 140,240,7200,7600,7700,7900 Series
PhotoWorks
PlayLinc
Polar Bowler from Hewlett-Packard Desktops (remove only)
Popup Blocker (Windows Live Toolbar)
PPSDKRedistributables
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2007
QuickTime
RealPlayer
RecordNow!
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
S3Display
S3Gamma2
S3Info2
S3Overlay
SAMSUNG Mobile Modem Driver Set
ScanSoft PaperPort Viewer 7.0
ScanWizard 5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Slyder from Hewlett-Packard Desktops (remove only)
SmarterMail Sync for Outlook 2003 and above
SNAP
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy
STX from Hewlett-Packard Desktops (remove only)
Tabbed Browsing (Windows Live Toolbar)
toolkit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Updates from HP
Verizon Internet Security Suite
Verizon Online DSL
Verizon Servicepoint 1.5.20
Virtual Earth 3D (Beta)
Virtual Warfare from Hewlett-Packard Desktops (remove only)
Weblink
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZOOware
Glennsco
2008-08-10, 06:16
OK - Here's the fresh HJT log AND the Uninstall List:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:20, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\EDUCOM TS\EAS Client\easclient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EASClient] "C:\Program Files\EDUCOM TS\EAS Client\easclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?79534ae87d964799a64a900572576706
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?79534ae87d964799a64a900572576706
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.unionconcrod.org/controls/LTOCX14N.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://awamailcls2.faa.gov/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1217476356_3cc5c633c4a3665d3284b19c27d56dee&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.unionconcrod.org/controls/prntpro2.CAB
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719E194-C1CF-4F9A-808B-B88EC6E055B9} (VersionInfo Class) - http://www.zooware.com/InstallCenter/downloads/common/installcenterclient.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 16438 bytes
UNINSTALL LIST
3D Groove Playback Engine
ABBYY FineReader OCR Engine for Microtek
Adaptec UDF Reader
Addit
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5
ArcSoft ShowBiz 2
Authentium AntiVirus SDK - 2
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
Autodesk Express Viewer
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce from Hewlett-Packard Desktops (remove only)
Cannonballs from Hewlett-Packard Desktops (remove only)
coBIBLE
Cox Online Support Controls
CP210x USB to UART Bridge Controller
DisplayKEY USB Cradle version 0.7.2
EAS Client
Easy Internet Sign-up
eKEY
eSync Modem Driver
Excavation from Hewlett-Packard Desktops (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Form Fill (Windows Live Toolbar)
Form Viewer
GdiplusUpgrade
GemMaster 3 from Hewlett-Packard Desktops (remove only)
Google Earth
Google Toolbar for Internet Explorer
Hewlett-Packard Multimedia Keyboard/Mouse Solution
HijackThis 2.0.2
Honeycombs from Hewlett-Packard Desktops (remove only)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
hp deskjet 3820 series (Remove only)
HP Deskjet 8.0 Software
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 8.0
hp instant support
HP Organize
HP Photo & Imaging 3.0
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPImageZone
HPSSupply
Intel(R) Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
Intellisync® for MSN
InterVideo WinDVD Player
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 7
KBD
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Map Maker Pro 3.5
Mars Rover from Hewlett-Packard Desktops (remove only)
MathPlayer
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows Journal Viewer
Microsoft Works 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
MUSICMATCH® Jukebox
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
OpenSSL 0.9.7f
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
PayPal Plug-In
PC-Doctor for Windows
PerfectDisk
Photosmart 140,240,7200,7600,7700,7900 Series
PhotoWorks
PlayLinc
Polar Bowler from Hewlett-Packard Desktops (remove only)
Popup Blocker (Windows Live Toolbar)
PPSDKRedistributables
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2007
QuickTime
RealPlayer
RecordNow!
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
S3Display
S3Gamma2
S3Info2
S3Overlay
SAMSUNG Mobile Modem Driver Set
ScanSoft PaperPort Viewer 7.0
ScanWizard 5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Slyder from Hewlett-Packard Desktops (remove only)
SmarterMail Sync for Outlook 2003 and above
SNAP
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy
STX from Hewlett-Packard Desktops (remove only)
Tabbed Browsing (Windows Live Toolbar)
toolkit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Updates from HP
Verizon Internet Security Suite
Verizon Online DSL
Verizon Servicepoint 1.5.20
Virtual Earth 3D (Beta)
Virtual Warfare from Hewlett-Packard Desktops (remove only)
Weblink
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZOOware
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.
Glennsco
2008-08-11, 04:11
OK Katana, here we go.
COMBOFIX RESULTS:
ComboFix 08-08-10.02 - Owner 2008-08-10 17:57:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.172 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\InternetGameBox\Website.url
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\J7S2GMGV\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\J7S2GMGV\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\g2mdlhlpx.exe
C:\Documents and Settings\Staisha\Application Data\macromedia\Flash Player\#SharedObjects\HEEECY4Z\interclick.com
C:\Documents and Settings\Staisha\Application Data\macromedia\Flash Player\#SharedObjects\HEEECY4Z\interclick.com\ud.sol
C:\Documents and Settings\Staisha\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Staisha\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
c:\WINDOWS\system32\ugomwcy.dat
c:\windows\system32\ugomwcy.exe
c:\WINDOWS\system32\ugomwcy_nav.dat
c:\WINDOWS\system32\ugomwcy_navps.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\Program Files\CA
2008-08-02 19:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-02 19:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-02 19:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-02 19:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-02 19:58 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-02 19:58 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-02 19:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-02 19:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-02 19:58 . 2008-08-02 19:58 5,222 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-02 19:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-31 21:11 . 2008-07-31 21:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 21:11 . 2008-07-31 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 00:31 . 2008-07-31 00:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-31 00:30 . 2008-07-31 05:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 00:30 . 2008-07-31 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 00:30 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 00:30 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 23:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-30 23:52 . 2008-07-30 23:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-20 23:42 . 2008-07-20 23:42 <DIR> d-------- C:\Program Files\Sun
2008-07-20 16:07 . 2008-07-20 23:50 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-19 11:31 . 2008-07-19 11:31 <DIR> d-------- C:\Program Files\Fun Web Products
2008-07-19 09:15 . 2008-07-19 09:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 22:44 . 2008-07-15 22:44 <DIR> d-------- C:\Program Files\PayPal
2008-07-15 11:00 . 2008-07-15 11:00 <DIR> dr-h----- C:\Documents and Settings\Staisha\Application Data\yahoo!
2008-07-14 12:57 . 2008-05-15 12:57 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-07-14 12:53 . 2008-07-14 12:53 <DIR> d-------- C:\Documents and Settings\Owner\.narya
2008-07-14 12:46 . 2008-07-14 12:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\bang
2008-07-14 12:03 . 2008-07-14 12:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\yoclient
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 03:54 --------- d-----w C:\Program Files\Java
2008-07-20 00:50 --------- d-----w C:\Program Files\MSN Messenger
2008-07-19 12:47 --------- d-----w C:\Program Files\Palm
2008-07-19 12:41 --------- d-----w C:\Program Files\hp deskjet 3820 series
2008-07-18 20:44 23 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-07-16 02:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 16:57 23 ----a-w C:\Documents and Settings\Staisha\jagex_runescape_preferences.dat
2008-07-08 07:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-06 02:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-07-05 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 13:36 --------- d-----w C:\Program Files\Google
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 11:17 724,984 ----a-w C:\Documents and Settings\Owner\gotomypc_437.exe
2006-12-03 21:09 468 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 14:25 24576]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 09:40 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-05 00:46 31816]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"NVIEW"="nview.dll" [2003-05-03 02:19 835654 C:\WINDOWS\system32\nview.dll]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 17:10 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51 118784]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 10:23 90112]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 06:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55 483328]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 02:19 4640768]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27 139264]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 04:50 188416]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 21:51 53248]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55 155648]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"EASClient"="C:\Program Files\EDUCOM TS\EAS Client\easclient.exe" [2003-11-14 11:25 204800]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 17:11 13552]
"nwiz"="nwiz.exe" [2003-05-03 02:19 323584 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-08-28 23:19:10 552960]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe [2006-07-28 20:15:55 102400]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2005-03-28 11:00:36 335872]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 23:34:35 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GE Security Supra\\SyncInfoApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S3 eSyncGen;eSync USB Modem Service;C:\WINDOWS\system32\drivers\eSyncGen.sys [2004-08-17 03:57]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38cbb570-bb1c-11dc-9227-000c6eff7caa}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99d0b8cd-9a03-11d9-900d-000c6eff7caa}]
\Shell\AutoRun\command - K:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99d0b8d2-9a03-11d9-900d-000000000000}]
\Shell\AutoRun\command - K:\setupSNK.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-08-10 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\system32\cleanmgr.exe [2004-08-04 03:56]
2008-08-07 C:\WINDOWS\Tasks\Java Update Check.job
- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe [2008-06-10 04:27]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-hpsysdrv - c:\windows\system\hpsysdrv.exe
HKLM-Run-Microsoft Works Update Detection - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;localhost
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?79534ae87d964799a64a900572576706
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?79534ae87d964799a64a900572576706
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
C:\WINDOWS\Downloaded Program Files\ltocx14n.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\lffax14n.dll
C:\WINDOWS\system32\lftif14n.dll
C:\WINDOWS\system32\lfcmp14n.dll
C:\WINDOWS\system32\ltimg14n.dll
C:\WINDOWS\system32\ltfil14n.dll
C:\WINDOWS\system32\ltefx14n.dll
C:\WINDOWS\system32\ltdis14n.dll
C:\WINDOWS\system32\ltkrn14n.dll
C:\WINDOWS\Downloaded Program Files\ltocx14n.ocx
O16 -: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - hxxp://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 -: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
C:\WINDOWS\Downloaded Program Files\SETUP.INF
C:\WINDOWS\Downloaded Program Files\prntpro2.EXE
O16 -: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} - hxxp://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
C:\WINDOWS\Downloaded Program Files\MINIBrowser.INF
C:\WINDOWS\System32\MiniBrowser.dll
O16 -: {D719E194-C1CF-4F9A-808B-B88EC6E055B9} - hxxp://www.zooware.com/InstallCenter/downloads/common/installcenterclient.cab
C:\WINDOWS\Downloaded Program Files\default.inf
C:\WINDOWS\system32\InstallCenterClient.dll
O16 -: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
C:\WINDOWS\Downloaded Program Files\mapviewer.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 18:05:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\System32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-08-10 18:11:31
ComboFix-quarantined-files.txt 2008-08-10 22:10:28
Pre-Run: 85,498,662,912 bytes free
Post-Run: 85,470,572,544 bytes free
240 --- E O F --- 2008-07-12 11:03:41
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:16, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\EDUCOM TS\EAS Client\easclient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EASClient] "C:\Program Files\EDUCOM TS\EAS Client\easclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?79534ae87d964799a64a900572576706
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?79534ae87d964799a64a900572576706
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.unionconcrod.org/controls/LTOCX14N.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://mbakercorp.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://awamailcls2.faa.gov/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1217476356_3cc5c633c4a3665d3284b19c27d56dee&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.unionconcrod.org/controls/prntpro2.CAB
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719E194-C1CF-4F9A-808B-B88EC6E055B9} (VersionInfo Class) - http://www.zooware.com/InstallCenter/downloads/common/installcenterclient.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 15867 bytes
[B]ACTIVE SCAN RESULTS
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-10 21:03:02
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Verizon Internet Security Suite Anti-Virus 6.0.3 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035328 Application/KillApp.A HackTools No 0 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1175\A0262250.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe[C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe][SmitfraudFix\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes No C:\Documents and Settings\Staisha\Local Settings\Application Data\Wildtangent\Cdacache\00\03\AE.dat
01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Staisha\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
02197130 Trj/Rebooter.J Virus/Trojan No 1 No No C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe[C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe][SmitfraudFix\Reboot.exe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe
03173354 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1174\A0262079.DLL
03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\WINDOWS\system32\IEDFix.exe
03445477 Adware/MalwareAlarm Adware No 1 No No C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe[C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe][SmitfraudFix\IEDFix.exe]
03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\IEDFix.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location *E
;===================================================================================================================================================================================
No C:\hp\bin\KillIt.exe *E
No C:\QooBox\Quarantine\C\WINDOWS\system32\ugomwcy.exe.vir *E
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description *E
;===================================================================================================================================================================================
;===================================================================================================================================================================================
THANKS AGAIN...
Do you know what these folders relate to ?
C:\Documents and Settings\Owner\.narya
C:\Documents and Settings\Owner\Application Data\bang
C:\Documents and Settings\Owner\Application Data\yoclient
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
DirLook::
C:\Documents and Settings\Owner\.narya
C:\Documents and Settings\Owner\Application Data\bang
C:\Documents and Settings\Owner\Application Data\yoclient
File::
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
Folder::
C:\Documents and Settings\Owner\Desktop\SmitfraudFix
C:\Documents and Settings\Staisha\Local Settings\Application Data\Wildtangent\Cdacache\00
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
How are things running now, any problems still ?
Glennsco
2008-08-11, 17:54
What would you like me to do? The file size is 1.25 mb and the number of characters is over 1.3M.
Please advise. Thanks
Can you zip the file and add it as an attachment ?
Glennsco
2008-08-11, 23:36
Here you are, Katana...
Do you know what these folders relate to ?
C:\Documents and Settings\Owner\.narya
C:\Documents and Settings\Owner\Application Data\bang
C:\Documents and Settings\Owner\Application Data\yoclient
How are things running now, any problems still ?
Glennsco
2008-08-12, 04:12
No, Katana
I don't know what those files are.
The system seems to be running better - no pop-ups but possibly still a little sluggish.
What do you think about the Verizon/Radialpoint AV? Think I should switch to something else?
No, Katana
I don't know what those files are.
The system seems to be running better - no pop-ups but possibly still a little sluggish.
What do you think about the Verizon/Radialpoint AV? Think I should switch to something else?
C:\Documents and Settings\Owner\Application Data\bang
C:\Documents and Settings\Owner\Application Data\yoclient
Looking at the log, these appear to be related to some sort of game, if you don't know anything about it then I recommend that you delete the entire folders.
In all honesty I know very little about Verizon/Radialpoint AV, but at the moment in my opinion the best two AV's are Kaspersky and NOD32.
Are there any other problems left, or questions you have ?
Glennsco
2008-08-13, 06:52
Yes, I did some research on the folders and they probably are related to some game my daughter installed.
No new problems so far-just the slower performance.
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Download Winpatrol (http://www.winpatrol.com) It is an excellent startup manager and then some !!
Install Winpatrol, and when running click on the Startup Programs tab
The following items can safely be disabled.
[HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
[CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
[HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HPHmon05] C:\WINDOWS\System32\hphmon05.exe
[AutoTKit] C:\hp\bin\AUTOTKIT.EXE
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[nwiz] nwiz.exe /installquiet /keeploaded /nodetect
[HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[AlcxMonitor] ALCXMNTR.EXE
[IgfxTray] C:\WINDOWS\System32\igfxtray.exe
[KBD] C:\HP\KBD\KBD.EXE
[HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
[MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
[Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
Just click on each item and then click Disable
(if the program is running, Winpatrol will ask if you wish to stop it)
Reboot your computer and see if that has helped the speed.
Glennsco
2008-08-15, 07:03
Thanks again Katana,
I think that did help some. Thanks for hanging in there with me. I really appreciate it. I will keep an eye on it.
Congratulations your logs look clean :D
Let's see if I can help you keep it that way
First lets tidy up :D
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You can also delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'