Post #1, Oct 31 2009, 01:49 PM
Authentic Member | Group: Authentic Member | Posts: 34 | Joined: 21-October 09 | Member No.: 88,467 | Operating System: Xp pro
This is a work computer running Windows XP Pro. The system is set up with multiple users. Under one user, we keep getting a pop-up that says Security Tool has found numerous viruses and prompts you to purchase a program to clean it up. The program loads at startup under the one user. I can temporarily disable it by removing it from the startup folder, but it returns on its own. I have run HouseCall and it found several viruses and either deleted or quarantined them successfully. Also, when logged in as the user with problems, internet use is slow, mostly under Yahoo Mail. I was unable to run RootRepeal; it keeps locking up on initializing and not doing anything. I tried deleting it and reinstalling from a different site with no success.
83valentine: [Resolved] spyware/ fake antivirus (Oct 31 2009, 01:49 PM)
ken545: Please download Malwarebytes from Here or Here Do... (Oct 31 2009, 07:01 PM)
83valentine: Malwarebytes' Anti-Malware 1.41 Database versi... (Oct 31 2009, 07:41 PM)
ken545: Hi, Download TFC to your desktop Close any open ... (Oct 31 2009, 08:27 PM)
83valentine: ComboFix 09-10-30.01 - Administrator 10/31/2009 22... (Oct 31 2009, 09:46 PM)
ken545: Run this tool please Please download SystemLook f... (Nov 1 2009, 04:54 AM)
83valentine: SystemLook v1.0 by jpshortstuff (29.08.09) Log cre... (Nov 1 2009, 06:57 AM)
ken545: Let's just go a bit further Plug this into Systeml... (Nov 1 2009, 08:19 AM)
83valentine: SystemLook v1.0 by jpshortstuff (29.08.09) Log cre... (Nov 1 2009, 09:55 AM)
ken545: I am almost 100% sure these files are bad but alwa... (Nov 1 2009, 11:04 AM)
83valentine: File wosakoye.dll received on 2009.11.01 19:00:05 ... (Nov 1 2009, 01:05 PM)
ken545: Hi, Open Notepad Go to Start> All Programs... (Nov 1 2009, 01:49 PM)
83valentine: ComboFix 09-10-30.01 - Administrator 11/01/2009 18... (Nov 1 2009, 07:29 PM)
ken545: Great, We missed one, try and delete the folder y... (Nov 1 2009, 08:08 PM)
83valentine: ESETSmartInstaller@High as CAB hook log: OnlineSca... (Nov 1 2009, 10:46 PM)
ken545: Good Morning, That error is because the bad file ... (Nov 2 2009, 03:15 AM)
ken545: Please download SystemLook from one of the links b... (Nov 2 2009, 05:54 AM)
83valentine: did not find either, here are the reports. And I ... (Nov 2 2009, 07:09 AM)
83valentine: Had similar issue on another computer. The tech h... (Nov 2 2009, 07:34 AM)
ken545: Hi, No need for System look, they showed up on yo... (Nov 2 2009, 07:45 AM)
83valentine: Rundll errors are fixed, thank you. I can not find... (Nov 2 2009, 09:25 AM)
83valentine: I tried typing the path into Virus Total and this ... (Nov 2 2009, 09:29 AM)
ken545: Fix these with HJT, if they give you a problem you... (Nov 2 2009, 09:55 AM)
83valentine: Logfile of Trend Micro HijackThis v2.0.2 Scan save... (Nov 2 2009, 12:02 PM)
ken545: Locate these files and delete them, leave them in ... (Nov 2 2009, 12:10 PM)
83valentine: Could not find any of them. (Nov 2 2009, 01:42 PM)
ken545: Hi, Those files are gone. Always like to doubl... (Nov 2 2009, 06:51 PM)
83valentine: Thanks for all your help. (Nov 2 2009, 10:02 PM)
ken545: You're very welcome, Take care, Ken (Nov 3 2009, 03:12 AM)
ken545: Since this issue appears to be resolved ... this T... (Nov 7 2009, 11:38 AM)