Page 1 of 4 1234 LastLast
Results 1 to 10 of 35

Thread: want to get rid of them

  1. 2006-02-28, 07:23 #1
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default want to get rid of them

    hey i downloaded spybot, windows defender, and ad-aware. on windows defender, virtumondo.c keeps coming back. on spybot, virtumonde and these other critical items keep coming back.. but it seems to get rid of more items as i scan each time. on ad-aware, again some items come up that i should get rid of. o yeah and on spybot, it had this small box that popped up and said spybot search and destroy has detected an important registry entry that has been changed, category: browser helper object, change: value deleted, and a couple other things, anyways, there were two buttons in the box i couldn't see because the box wouldn't even maximize or anything, so there was no way i could see what it said on those buttons so i just xed out. everything seems to reappear when i go online. yesterday it said spysherrif on windows defender. and bloodhound.exploit20 on my expired norton virus thing. and i forget which program, but it said i have a spyware infection on my computer. i might have accidently accepted access on the internet from a bad link? please help me get rid of these things for GOOD.
    Last edited by tashi; 2006-02-28 at 08:54. Reason: Two topics merged
  2. 2006-02-28, 07:53 #2
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default MY hijackthis logfile.. help please!!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:48:33 PM, on 2/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lich.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\AntiSpyWareMOOCOW\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Web\Wallpaper\expbin.dll
    O2 - BHO: (no name) - {8A368B31-5AA9-4A61-99C2-0EB6122CE91c} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: (no name) - {BD8BBC42-CF68-43FD-BB08-3928AEEF7E7e} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lich] lich.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe" -nag
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O20 - Winlogon Notify: expbin - C:\WINDOWS\Web\Wallpaper\expbin.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  3. 2006-03-01, 10:42 #3
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Put a check next to Run VundoFix as a task.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  4. 2006-03-02, 07:20 #4
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default Thanx Illukka.. Experts, please check this!

    VundoFix V4.2.27
    Scan started at 10:05:13 PM 3/1/2006

    Listing files found while scanning....

    C:\WINDOWS\Web\Wallpaper\expbin.dll
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak1
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak2
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini2
    C:\WINDOWS\Web\Wallpaper\nibpxe.tmp

    C:\WINDOWS\Web\Wallpaper\nibpxe.bak1
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak2
    C:\WINDOWS\Web\Wallpaper\nibpxe.tmp
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini2
    C:\WINDOWS\Web\Wallpaper\expbin.dll
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini2
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak2
    C:\WINDOWS\Web\Wallpaper\nibpxe.tmp
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini2
    C:\WINDOWS\Web\Wallpaper\expbin.dll
    Attempting to delete C:\WINDOWS\Web\Wallpaper\expbin.dll
    C:\WINDOWS\Web\Wallpaper\expbin.dll Has been deleted!

    Attempting to delete C:\WINDOWS\Web\Wallpaper\nibpxe.ini
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini Has been deleted!

    Attempting to delete C:\WINDOWS\Web\Wallpaper\nibpxe.bak1
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\Web\Wallpaper\nibpxe.bak2
    C:\WINDOWS\Web\Wallpaper\nibpxe.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\Web\Wallpaper\nibpxe.ini2
    C:\WINDOWS\Web\Wallpaper\nibpxe.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\Web\Wallpaper\nibpxe.tmp
    C:\WINDOWS\Web\Wallpaper\nibpxe.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!




    Now here's my HiJackThis Log...


    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:01 PM, on 3/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\lich.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\AntiSpyWareMOOCOW\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {8A368B31-5AA9-4A61-99C2-0EB6122CE91c} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: (no name) - {BD8BBC42-CF68-43FD-BB08-3928AEEF7E7e} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lich] lich.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe" -nag
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  5. 2006-03-02, 08:07 #5
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello.
    I merged another of your topics, please hit post reply and not start new topic.
    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
  6. 2006-03-02, 12:49 #6
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1) Run Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.

    open hiajckthis, click do a system scan only
    checkmark these items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {8A368B31-5AA9-4A61-99C2-0EB6122CE91c} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: (no name) - {BD8BBC42-CF68-43FD-BB08-3928AEEF7E7e} - C:\WINDOWS\system32\lcavgmoa.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [lich] lich.exe
    O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe" -nag
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)


    then close the browser and all other programs. leaving only hiajckthis running
    and click fix checked

    reboot

    post a fresh log here into this thread, using the post reply button
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  7. 2006-03-02, 19:38 #7
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default New HijackThis Log...here it goes...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:37:25 AM, on 3/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\AntiSpyWareMOOCOW\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  8. 2006-03-02, 22:16 #8
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi


    Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

    Please download ewido anti malware it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:

    reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    then launch ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    reboot back to normal mode, post the ewido report and a log from a fresh hjt scan
    Last edited by illukka; 2006-03-02 at 22:21.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  9. 2006-03-03, 00:06 #9
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default ewido report

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:52:23 PM, 3/2/2006
    + Report-Checksum: 2CB7FD0B

    + Scan result:

    HKU\S-1-5-21-188361429-296093997-856261148-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{827DC836-DD9F-4A68-A602-5812EB50A834} -> Adware.Virtumonde : Cleaned with backup
    HKU\S-1-5-21-188361429-296093997-856261148-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup
    C:\AntiSpyWareMOOCOW\backups\backup-20060302-102520-105.dll -> Trojan.Crypt.o : Cleaned with backup
    C:\AntiSpyWareMOOCOW\backups\backup-20060302-102520-531.dll -> Trojan.Crypt.o : Cleaned with backup
    C:\Documents and Settings\glo\Cookies\glo@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\jun\Cookies\jun@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@ehg-aarp.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\kristy\Cookies\kristy@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\kristy\Local Settings\Temp\ICD1.tmp\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\ncj.exe -> Not-A-Virus.Hoax.Win32.Renos.bb : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINDOWS\system32\cbxvs.dll -> Downloader.ConHook.k : Cleaned with backup
    C:\WINDOWS\system32\lcavgmoa.dll -> Trojan.Crypt.o : Cleaned with backup
    C:\WINDOWS\system32\lich.exe -> Trojan.LowZones.dm : Cleaned with backup
    C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup


    ::Report End
  10. 2006-03-03, 00:07 #10
    HelpMeSosLoL
    HelpMeSosLoL is offline
    Junior Member
    Join Date
    Feb 2006
    Posts
    23

    Default HJT report

    Logfile of HijackThis v1.99.1
    Scan saved at 3:00:11 PM, on 3/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\AntiSpyWareMOOCOW\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/AIM_tools.adp
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules