Virus Warning pop-ups and Spyware strike


  • This topic is locked
28 replies to this topic

#1 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 16 January 2006 - 10:48 AM

A couple of days ago it seemed like a virus or something was on my computer. In the quick launch buttons on the bottom right hand of my screen there is a balloon that keeps popping up saying that there is malicious software on my computer and that I should go to this site to download a remover. Also I have been getting pop-ups on my screen about joining some casino places and dating services. Also Spyware Strike has installed itself on my computer. I have run both Symantec Virus scan and Ad-Aware scan. Both have found stuff and deleted them but it doesn't seem like anything has happened. Any suggestions would be appreciated. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29:31 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Zach\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125695012250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thank you

Edited by Porky2005, 16 January 2006 - 10:49 AM.
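The HijackThis log above is read by hand in this thread. As an added example that is not part of the original post and not HijackThis's own tooling, the Python script below parses lines in the same `R0 - … / F2 - … / O23 - …` format and pulls out the entry types a log reviewer usually checks first: a proxy auto-config URL, a non-default shell entry, an orphaned BHO, Winlogon Notify DLLs and services with no recorded publisher. The sample lines are constructed for the example and modelled on the format above; the rules and severity labels are the example's own assumptions, not a verdict on the machine in this thread.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in HijackThis v1.99 format (modelled on the log format in
# the thread, not a capture from any particular machine).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/start
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O20"
    severity: str  # "high", "medium" or "low" (assumed scale for this example)
    reason: str
    line: str


# Every HijackThis entry starts with a section code, a space-hyphen-space, then the body.
_LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def _is_ip_literal(value: str) -> bool:
    """True if the host part of a URL or bare address is an IP literal (IPv4 only)."""
    host = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", value.strip())
    host = host.split("/", 1)[0].split(":", 1)[0]   # drop any path and port
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line: str):
    """Return a Finding for entries worth a reviewer's attention, else None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "R1" and "AutoConfigURL" in body:
        value = body.split("=", 1)[1] if "=" in body else ""
        if _is_ip_literal(value):
            return Finding(section, "high",
                           "proxy auto-config URL is a raw IP address; browser traffic may be routed through an unexpected proxy",
                           line)
        return Finding(section, "medium", "proxy auto-config URL is set; confirm it is expected", line)
    if section.startswith("F"):
        # HijackThis lists F-section entries only when Shell= / UserInit= differs from the default.
        return Finding(section, "high", "non-default shell or userinit entry; compare with the default value", line)
    if section == "O2" and "(no file)" in body:
        return Finding(section, "low", "BHO registration whose DLL is missing (orphaned entry)", line)
    if section == "O20":
        return Finding(section, "medium", "Winlogon Notify DLL loads at logon; verify its publisher", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "medium", "service with no recorded publisher", line)
    return None


def triage_log(text: str) -> list:
    """Triage a whole log; blank and unrecognised lines are skipped."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.severity:6}] {finding.section}: {finding.reason}")
        print(f"         {finding.line}")
```

The script flags entry types, not specific files, so it is a first pass that shortens a reviewer's reading of a long log; each flagged line still needs the human check the helpers in this thread perform.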



#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 January 2006 - 04:05 PM

Hello Porky2005, welcome to the forum.

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom

 


#3 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 21 January 2006 - 08:11 PM

Here is the ewido scan and the new Hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 9:05:03 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\Zach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125695012250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Here is the ewido scan:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:51:22 PM, 1/21/2006
+ Report-Checksum: 6423E339

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
[1000] C:\WINDOWS\system32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\pn5fwwv5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Zach\Application Data\Netscape\NSB\Profiles\w0n6y8ym.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@ehg-y2m.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temp\jkpbdpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temp\temp.fr8F64 -> Downloader.Zlob.dy : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temp\temp.frAE63 -> Downloader.Zlob.dz : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temp\temp.frBE4A -> Downloader.Zlob.dz : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temp\temp.frED82 -> Downloader.Zlob.dy : Cleaned with backup
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\36UG8QNG\gdnUS2296[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Program Files\SpywareStrike\SpywareStrike.exe -> Adware.Spyaxe : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\1024\ld15F2.tmp -> Not-A-Virus.Hoax.Win32.Renos.ar : Cleaned with backup
C:\WINDOWS\system32\1024\ld3DC4.tmp -> Downloader.Zlob.dd : Cleaned with backup
C:\WINDOWS\system32\1024\ld47D.tmp -> Not-A-Virus.Hoax.Win32.Renos.ar : Cleaned with backup
C:\WINDOWS\system32\1024\ld68CF.tmp -> Not-A-Virus.Hoax.Win32.Renos.ar : Cleaned with backup
C:\WINDOWS\system32\1024\ld8626.tmp -> Not-A-Virus.Hoax.Win32.Renos.ar : Cleaned with backup
C:\WINDOWS\system32\1024\ld94E6.tmp -> Not-A-Virus.Hoax.Win32.Renos.ar : Cleaned with backup
C:\WINDOWS\system32\ld41D.tmp -> Downloader.Zlob.er : Cleaned with backup
C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Cleaned with backup
C:\WINDOWS\Temp\benidgic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\bhkhmlic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\bogpbnic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ddjpcedd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\dhnclboc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ebggccpc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\eefmflpc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ehjkmdoc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ffiooapc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\fjchfpic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\gmacafoc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\gnmjjigd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\hnjodpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\hpnnhepc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ifkdcopc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\igalhaoc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\jflflfpc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kdkahiic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\kjcnmhpc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\lkmlompc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mbieajpc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\mdgboeic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\nhijkcic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\ookjfhoc.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pebiijic.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\pggnbljd.exe -> Trojan.Dialer.ay : Cleaned with backup


::Report End

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 January 2006 - 08:26 PM

Click HERE and download the Istsvc fix
http://securityrespo...er/FxIstbar.exe

use Add/Remove Programs and remove:
SurfAccuracy
SpywareStrike
Viewpoint Manager

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please print out or copy these instructions/tutorials to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download SmitRem.exe © noahdfear from one of these sites to your Desktop.
http://www.downloads...org/smitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop.


Reboot to safe mode

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Log on to your user account.
Open the smitfraud folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. When the tool completes:


Run HijackThis. Click None of the above, then click Do a System Scan Only. Put a check in the box on the left side of these:

O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these folders if listed
C:\Program Files\SurfAccuracy
C:\Program Files\ISTsvc
C:\Program Files\SpywareStrike



Open Ewido Security Suite
  • Run Ewido, click on the Scanner, run a full scan and let it clean everything it finds.
  • Once the scan has completed, there will be a button located at the bottom of the screen named Save report. Click it.
  • Save the report to your desktop.

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info" if present.

Empty recycle bin.


Reboot

Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'

Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.


Please copy/paste the contents of the log C:\smitfiles.txt, a new HijackThis log and the Ewido log.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
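
The HijackThis step above hands the user a list of entries to tick and then asks for a fresh log to confirm the fix took. As an added example (my code, not part of the original thread and not part of HijackThis), the Python below parses logs in the HJT 1.99 format, reports which fix-list entries are present, shows which O4 fix targets are still in the running-process list, and diffs a before/after pair so that anything new that appeared after the fix is surfaced rather than lost in a 100-line log. The fix list is the six entries from the post; the two sample logs are constructed excerpts modelled on the logs in this thread, and the function names are my own.

```python
"""Check a HijackThis fix list against HJT 1.99-format logs and diff two scans.
Added example: sample logs are constructed excerpts, not the thread's full logs."""
import re
from typing import Dict, List

ENTRY_RE = re.compile(r"^[RFO]\d{1,2} - .+$")           # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)  # first .exe path in an entry

# The six entries the helper asked the user to tick in HijackThis (post #4).
FIX_LIST = [
    "O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)",
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
    r"O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe",
    r"O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe",
    r"O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h",
    "O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab",
]

# Constructed pre-fix excerpt: the six targets, one legitimate entry, one target running.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:29:31 AM, on 1/16/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe

O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
"""

# Constructed post-fix excerpt: targets gone, one new HKCU Run entry has appeared.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:09:08 PM, on 1/22/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def normalize(line: str) -> str:
    """Case- and whitespace-insensitive key; these logs are pasted by hand."""
    return " ".join(line.split()).lower()


def parse_hjt(log_text: str) -> Dict[str, List[str]]:
    """Return the running-process list and the section entries (R0/F2/O4/...)."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process list ends at the first blank line
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def check_fix_list(log_text: str, fix_list: List[str]) -> Dict[str, List[str]]:
    """Split the fix list into entries present in the log and entries not found."""
    present = {normalize(e) for e in parse_hjt(log_text)["entries"]}
    found = [e for e in fix_list if normalize(e) in present]
    return {"found": found, "missing": [e for e in fix_list if e not in found]}


def running_fix_targets(log_text: str, fix_list: List[str]) -> List[str]:
    """O4 fix targets whose executable also appears in the running-process list."""
    running = {p.lower() for p in parse_hjt(log_text)["processes"]}
    hits = []
    for entry in fix_list:
        m = PATH_RE.search(entry) if entry.startswith("O4") else None
        if m and m.group(1).lower() in running:
            hits.append(m.group(1))
    return hits


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries that disappeared and entries that appeared between two scans."""
    b = {normalize(e): e for e in parse_hjt(before)["entries"]}
    a = {normalize(e): e for e in parse_hjt(after)["entries"]}
    return {"removed": sorted(b[k] for k in b.keys() - a.keys()),
            "added": sorted(a[k] for k in a.keys() - b.keys())}


def verify_fix(before: str, after: str, fix_list: List[str]) -> dict:
    """Did every fix-list entry go away, and did anything new show up?"""
    still = check_fix_list(after, fix_list)["found"]
    return {"clean": not still, "still_present": still, **diff_logs(before, after)}


if __name__ == "__main__":
    print("fix targets still running:", running_fix_targets(BEFORE_LOG, FIX_LIST))
    for key, value in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{key}: {value}")
```

The "added" list is the part worth reading after a fix: an entry that was not in the earlier log is either something the user installed in between or something that came back, and either way it deserves a look before the thread is closed.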

 


#5 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 22 January 2006 - 05:11 PM

Here is the smitfile:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 01/22/2006
The current time is: 16:41:07.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Video iCodec
Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
mscornet.exe


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 840 'explorer.exe'
Killing PID 840 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

The HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:09:08 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Zach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
F2 - REG:system.ini: Shell=
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125695012250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

The Ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:55:00 PM, 1/22/2006
+ Report-Checksum: 6936EFAB

+ Scan result:

C:\Documents and Settings\Zach\Cookies\zach@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Zach\Cookies\zach@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End

My computer seems to be running better. I don't have any more pop-ups, and the warning that was popping up at the bottom right is no longer there.

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 January 2006 - 05:19 PM

Now we need to clean-up.

Please download System Security Suite from here. Extract it from the zip file into a folder.

Run 3S; under the “Items To Clear” tab, place a checkmark in all of them but the last.

Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.



#7 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 23 January 2006 - 12:34 AM

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:32:46 AM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
c:\program files\common files\aol\1137460063\ee\aim6.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Zach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
F2 - REG:system.ini: Shell=
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137460063\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125695012250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

As for my computer, it seems like it is back to normal. There are no more pop-ups, and the notice that was always coming up at the bottom right is not coming up any more.

#8 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 23 January 2006 - 07:30 AM

Sorry, actually there is still something not right with my computer. When I try to run my Symantec Antivirus scan it pops up saying: "Could not start scan. Scan engine returned error 0x20000058." So I cannot run my virus scan. Should I re-install my virus scan?

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 January 2006 - 03:43 PM

Should I re-install my virus scan?

Yes and let me know if that fixes it.



#10 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 23 January 2006 - 11:09 PM

I uninstalled my anti-virus and then re-installed it; unfortunately, it did not fix the problem. The same warning still pops up.


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 January 2006 - 03:35 PM

Click Start > Run.
In the Run dialog box, type regedit and then click OK.
In the Registry Editor, navigate to the following subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon

On the right side, find Shell. Right-click on Shell and select Modify. In the Value data field, type in Explorer.exe and select OK to save it.

Exit the registry and reboot.

Post a new HJT log and see if Norton's will work.

Edited by LDTate, 24 January 2006 - 06:38 PM.



#12 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 24 January 2006 - 11:27 PM

I opened up the registry editor and navigated to the subkey, but there is no Shell. There is an AutoRestartShell, and if I try to modify that I cannot type in Explorer.exe; it has to be either hexadecimal or decimal.

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 January 2006 - 04:12 PM

Next, launch Notepad and copy/paste all of the REGEDIT text below into it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon]
"Shell"="Explorer.exe"



Double Click the fixme.reg and allow it to merge.

Reboot and "copy/paste" a new log file into this thread.



#14 Porky2005

Porky2005

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 25 January 2006 - 04:51 PM

OK, now my virus scan works. Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:42 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\Documents and Settings\Zach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.100
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125695012250
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 January 2006 - 05:09 PM

I suggest you do this:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Use Add/Remove Programs and remove the following, if listed:
ISTsvc
SurfAccuracy
Viewpoint Manager



Open HiJackThis then:

1. Click "Misc Tools"
2. Click "Delete a NT Service"

In the Delete window, enter NTBOOT and press OK. OK any prompts, then

close HijackThis.

Next:

Run HijackThis. Hit "None of the above", then click "Do a System Scan Only". Put a check in the box on the left side of these:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"



Delete these files if listed:
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

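Both things the helper acted on in this thread can be picked out of an HJT log automatically: the empty Winlogon Shell entry (`F2 - REG:system.ini: Shell=`) that the fixme.reg in post #13 repairs, and the autostart entries post #15 tells the poster to remove. The Python triage script below is an added example, not code from this thread or from HijackThis; its sample lines are copied from the logs posted above, and its rules (the Shell check, the "Unknown owner" service check, the legacy C:\WINDOWS\SYSTEM\ path heuristic, and the program names taken from post #15) are the editor's assumptions.

```python
"""Added example: triage HijackThis v1.99 log lines for the findings raised in this
thread. Sample lines are copied from the logs above; the rules are editor heuristics."""
import re
from dataclasses import dataclass

# Every HJT finding looks like "<code> - <body>", e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# Legacy Win9x directory; on XP nothing should autostart from it (heuristic)
LEGACY_DIR = re.compile(r"c:\\windows\\system\\", re.I)
# Program names the helper told the poster to remove in post #15 of this thread
KNOWN_UNWANTED = ("istsvc", "surfaccuracy", "viewpoint")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse(line):
    # Split one HJT line into (code, body); None for headers, paths and blank lines
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def check_shell(code, body):
    # "F2 - REG:system.ini: Shell=" with nothing after "=" is the broken state the
    # .reg file in post #13 repairs by setting Shell back to Explorer.exe.
    if code != "F2" or "Shell=" not in body:
        return None
    value = body.split("Shell=", 1)[1].strip()
    if value.lower() != "explorer.exe":
        return "Winlogon Shell is %r, expected Explorer.exe" % value
    return None


def check_known_unwanted(code, body):
    if code != "O4":
        return None
    hits = [name for name in KNOWN_UNWANTED if name in body.lower()]
    if not hits:
        return None
    return "autostart for a program flagged in this thread: " + ", ".join(hits)


def check_service(code, body):
    # HJT prints "Unknown owner" when the service binary carries no publisher info
    if code == "O23" and "Unknown owner" in body:
        return "service with no publisher (Unknown owner)"
    return None


def check_legacy_path(code, body):
    if code in ("O4", "O23") and LEGACY_DIR.search(body):
        return "autostart from legacy C:\\WINDOWS\\SYSTEM\\ directory"
    return None


CHECKS = (check_shell, check_known_unwanted, check_service, check_legacy_path)


def triage(lines):
    # Run every check over every parsable line; one Finding per rule that fires
    findings = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        code, body = parsed
        for check in CHECKS:
            reason = check(code, body)
            if reason:
                findings.append(Finding(code, reason, line.strip()))
    return findings


# Constructed sample: five lines copied from the HJT logs posted in this thread
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

The Symantec lines produce no finding; the NTBOOT service trips two rules at once, which is the same reason the helper singled it out in post #15.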