Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Trojan horse and many others, incl. w32.alcra.b


  • This topic is locked This topic is locked
20 replies to this topic

#1 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 05 March 2006 - 08:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:30:20 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\s?mbols\m?iexec.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{5A632109-A9D5-EA23-ED3D-EBB588248AF9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3208460287533] C:\WINDOWS\win3208460287533.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [win3207346028753] C:\WINDOWS\win3207346028753.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [ms04753346028] C:\WINDOWS\ms04753346028.exe
O4 - HKLM\..\Run: [ms03875334602] C:\WINDOWS\ms03875334602.exe
O4 - HKLM\..\Run: [sys02287533460] C:\WINDOWS\sys02287533460.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [sys09602875334] C:\WINDOWS\sys09602875334.exe
O4 - HKLM\..\Run: [win3206334602875] C:\WINDOWS\win3206334602875.exe
O4 - HKLM\..\Run: [ms05533460287] C:\WINDOWS\ms05533460287.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sys01028753346] C:\WINDOWS\sys01028753346.exe
O4 - HKLM\..\Run: [nttevbqA] C:\WINDOWS\nttevbqA.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [kooq] C:\PROGRA~1\COMMON~1\kooq\kooqm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\RACLE~1\chkdsk.exe" -vt ndrv
O4 - HKCU\..\Run: [Ayakkvfj] C:\Program Files\Common Files\s?mbols\m?iexec.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYDMUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\hr8q05l5e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:05:04 PM, 3/5/2006
+ Report-Checksum: B021E3C0

+ Scan result:

HKU\S-1-5-21-861794833-3208673119-507253198-1006\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-861794833-3208673119-507253198-1006\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[2104] C:\WINDOWS\system32\jht500.dll -> Adware.Look2Me : Error during cleaning
[2272] C:\WINDOWS\system32\jht500.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Chris\Local Settings\Temp\C9FD3.tmp/dgfgql.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\8TRYBNM9\!update-3595[1].0000 -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\V499NO48\jw4p[1].cab/dgfgql.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\WD6V4DMB\keyboard[1].exe -> Downloader.VB.xv : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskFFCore.dll -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\system32\c8002idmg80a2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rWsctrs.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sjgina.dll -> Adware.Look2Me : Cleaned with backup


::Report End

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 March 2006 - 10:27 PM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task .
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button , your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button .
  • You will receive a Done Scanning message, click OK .
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK .
  • Your computer will then shutdown.
  • Turn your computer back on.


    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339'. please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32. Directory
    http://www.ascentive...ib/MSWINSCK.OCX

    NEXT

    Step # 1

    Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

    http://www.majorgeek...7fd6b3ff02edc90

    REBOOT

    Step #2

    Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.

    Spybot & Adaware Tutorial

    REBOOT

    Step # 3

    Then do 2 virus scans here >>>

    Trend Micro

    Panda

    Step # 4

    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/

    Install it, and update the definitions to the newest files.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Then please run Ewido, and run a full scan. Save the logfile from the scan.


  • Please post the contents of C:\Look2Me-Destroyer.txt the Ewido log and a new HiJackThis log.


#3 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 March 2006 - 08:35 AM

Hi again - Things are MUCH better - I can even connect to the internet without being flooded with pop-ups!
When going through the processes you recommended, I couldn't run "Trend Micro" because it kept shutting down Internet Explorer, and I couldn't save the final Ewido report - the "save report" file stayed grayed out, but I did save the "process file", "startup file", etc. I'll paste in everything I've got !
Thank you, thank you!!! Please advise what's next! My son is really looking forward to having his laptop back, and is never downloading music again - especially not from Limewire!
~Sue


Look2Me-Destroyer V1.0.7

Scanning for infected files.....
Scan started at 3/5/2006 8:48:15 PM

Infected! C:\WINDOWS\system32\dn0q01d5e.dll
Infected! C:\WINDOWS\system32\dn0q01d5e.dll
Infected! C:\WINDOWS\system32\meimg32.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\dn0q01d5e.dll
C:\WINDOWS\system32\dn0q01d5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn0q01d5e.dll
C:\WINDOWS\system32\dn0q01d5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\meimg32.dll
C:\WINDOWS\system32\meimg32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7D593218-8CE3-4058-9477-616A8364DE99}"
HKCR\Clsid\{7D593218-8CE3-4058-9477-616A8364DE99}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D9B0D650-5C2E-425D-B0FC-EF04BD03BD50}"
HKCR\Clsid\{D9B0D650-5C2E-425D-B0FC-EF04BD03BD50}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EE25FC1B-59F0-4447-B98B-7E99B127FC48}"
HKCR\Clsid\{EE25FC1B-59F0-4447-B98B-7E99B127FC48}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
------------
--------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 3:06:31 AM, 3/7/2006
+ Report-Checksum: 9C726780

0: System Process
4: System Process
136: \SystemRoot\System32\smss.exe
188: \??\C:\WINDOWS\system32\csrss.exe
212: \??\C:\WINDOWS\system32\winlogon.exe
260: C:\WINDOWS\system32\services.exe
272: C:\WINDOWS\system32\lsass.exe
432: C:\WINDOWS\system32\svchost.exe
496: C:\WINDOWS\system32\svchost.exe
564: C:\WINDOWS\system32\svchost.exe
696: C:\WINDOWS\Explorer.EXE
808: C:\Program Files\ewido anti-malware\SecuritySuite.exe
1024: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
1140: C:\WINDOWS\system32\NOTEPAD.EXE
------------------------------------------
---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 8:54:33 AM, 3/7/2006
+ Report-Checksum: 7C352E70

Reg\HKLM\Run HP Software Update c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Reg\HKLM\Run win3206334602875 C:\WINDOWS\win3206334602875.exe
Reg\HKLM\Run SoundMAXPnP C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Reg\HKCU\Run Ayakkvfj C:\Program Files\Common Files\sуmbols\mѕiexec.exe
Reg\HKCU\Run Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Reg\HKLM\Run HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
Reg\HKLM\Run Persistence C:\WINDOWS\system32\igfxpers.exe
Reg\HKLM\Run AGRSMMSG AGRSMMSG.exe
Reg\HKLM\Run hpWirelessAssistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Reg\HKLM\Run SoundMAX C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
Reg\HKLM\Run PTHOSTTR C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKCU\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Reg\HKLM\Run eabconfg.cpl C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Reg\HKLM\Run Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe
Reg\HKLM\Run WatchDog C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Reg\HKLM\Run ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Reg\HKLM\Run winupdates C:\Program Files\winupdates\winupdates.exe /auto
Reg\HKLM\Run TheMonitor C:\WINDOWS\SYSC00.exe
Reg\HKLM\Run win3207346028753 C:\WINDOWS\win3207346028753.exe
Reg\HKLM\Run webHancer Survey Companion "C:\Program Files\webHancer\Programs\whSurvey.exe"
Reg\HKLM\Run ahkw C:\windows\eee2.exe
Reg\HKLM\Run loadadv64 C:\WINDOWS\system32\loadadv64
Reg\HKLM\Run Tagasuarus7.exe C:\WINDOWS\system32\Tagasuarus7.exe
Reg\HKLM\Run ms04753346028 C:\WINDOWS\ms04753346028.exe
Reg\HKLM\Run ms03875334602 C:\WINDOWS\ms03875334602.exe
Reg\HKLM\Run sys02287533460 C:\WINDOWS\sys02287533460.exe
Reg\HKLM\Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Reg\HKLM\Run MSPY2002 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
Reg\HKLM\Run PHIME2002ASync C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Reg\HKLM\Run PHIME2002A C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Reg\HKLM\Run sys09602875334 C:\WINDOWS\sys09602875334.exe
Reg\HKLM\Run ms05533460287 C:\WINDOWS\ms05533460287.exe
Reg\HKLM\Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Reg\HKLM\Run sys01028753346 C:\WINDOWS\sys01028753346.exe
Reg\HKLM\Run nttevbqA C:\WINDOWS\nttevbqA.exe
Reg\HKLM\Run AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Reg\HKLM\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run services32 C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
Reg\HKCU\Run kooq C:\PROGRA~1\COMMON~1\kooq\kooqm.exe
Reg\HKCU\Run CU1 C:\Program Files\Common Files\VCClient\VCClient.exe
Reg\HKCU\Run CU2 C:\Program Files\Common Files\VCClient\VCMain.exe
Reg\HKCU\Run Tbsa "C:\WINDOWS\RACLE~1\chkdsk.exe" -vt ndrv
Reg\HKLM\Run IgfxTray C:\WINDOWS\system32\igfxtray.exe
Reg\HKLM\Run win3208460287533 C:\WINDOWS\win3208460287533.exe
Shell\CommonStartup HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
Shell\CommonStartup DVD Check.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk

--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:30:20 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\s?mbols\m?iexec.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{5A632109-A9D5-EA23-ED3D-EBB588248AF9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3208460287533] C:\WINDOWS\win3208460287533.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [win3207346028753] C:\WINDOWS\win3207346028753.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [ms04753346028] C:\WINDOWS\ms04753346028.exe
O4 - HKLM\..\Run: [ms03875334602] C:\WINDOWS\ms03875334602.exe
O4 - HKLM\..\Run: [sys02287533460] C:\WINDOWS\sys02287533460.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [sys09602875334] C:\WINDOWS\sys09602875334.exe
O4 - HKLM\..\Run: [win3206334602875] C:\WINDOWS\win3206334602875.exe
O4 - HKLM\..\Run: [ms05533460287] C:\WINDOWS\ms05533460287.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sys01028753346] C:\WINDOWS\sys01028753346.exe
O4 - HKLM\..\Run: [nttevbqA] C:\WINDOWS\nttevbqA.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [kooq] C:\PROGRA~1\COMMON~1\kooq\kooqm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\RACLE~1\chkdsk.exe" -vt ndrv
O4 - HKCU\..\Run: [Ayakkvfj] C:\Program Files\Common Files\s?mbols\m?iexec.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYDMUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\hr8q05l5e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-------------This is another error report log that was generated----------
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# Internal Error (53484152454432554E54494D450E43505001A3), pid=3872, tid=3752
#
# Java VM: Java HotSpot™ Client VM (1.5.0_06-b05 mixed mode, sharing)

--------------- T H R E A D ---------------

Current thread (0x08996560): JavaThread "main" [_thread_in_Java, id=3752]

Stack: [0x071b0000,0x072b0000), sp=0x072aae00, free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x6d78d540
C 0x6d6d2c36
C 0x6d7615b5
C 0x6d747cfe
C 0x6d749324
C 0x6d6f447a
C 0x6d6e6f5d
C 0x6d6e5e58
C 0x6d734baa
C 0x6d735847
C 0x6d73572d
C 0x6d6efc8d
j com.sun.deploy.util.URLUtil.encodePath(Ljava/lang/String;)Ljava/lang/String;+215
j com.sun.deploy.config.Config.getDefaultProps()Ljava/util/Properties;+175
j com.sun.deploy.config.Config.initialize()Z+2
j com.sun.deploy.config.Config.<clinit>()V+1176
v ~StubRoutines::call_stub
C 0x6d6f45a9
C 0x6d749317
C 0x6d6f447a
C 0x6d6e6f5d
C 0x6d6e5e58
C 0x6d734baa
C 0x6d735847
C 0x6d73572d
C 0x6d6efc8d
j sun.plugin.util.PluginConfig.<init>()V+8
j sun.plugin.util.UserProfile.<clinit>()V+4
v ~StubRoutines::call_stub
C 0x6d6f45a9
C 0x6d749317
C 0x6d6f447a
C 0x6d6e6f5d
C 0x6d6e5e58
C 0x6d734baa
C 0x6d735847
C 0x6d73572d
C 0x6d6efc8d
j sun.plugin.AppletViewer.loadPropertiesFiles()V+4
j sun.plugin.JavaRunTime.initEnvironment(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V+45
v ~StubRoutines::call_stub
C 0x6d6f45a9
C 0x6d749317
C 0x6d6f447a
C 0x6d6fb4b3
C 0x6d451d51
C 0x6d451eb2
C 0x6d405a1d
C 0x6d591aae
C [ole32.dll+0x47de2]
C [ole32.dll+0x4fdb4]
C [ole32.dll+0x4face]
C [ole32.dll+0x5f7bb]
C [ole32.dll+0x5f6a2]
C [ole32.dll+0x5f88d]
C [ole32.dll+0x5f839]
C [ole32.dll+0x5052b]
C [ole32.dll+0x504e2]
C [ole32.dll+0x5f8e0]
C [ole32.dll+0x5f6a2]
C [ole32.dll+0x5f6bc]
C [ole32.dll+0x5f6a2]
C [ole32.dll+0x5f536]
C [ole32.dll+0x5f3ef]
C [ole32.dll+0x5f371]
C [urlmon.dll+0x4df19]
C [urlmon.dll+0x47a1b]
C [urlmon.dll+0x49e10]
C [urlmon.dll+0x4b02c]
C [USER32.dll+0x8709]
C [USER32.dll+0x9655]
C [USER32.dll+0x958f]
C [USER32.dll+0x89e8]
C [BROWSEUI.dll+0x26f6d]
C [BROWSEUI.dll+0x2e8b3]
C [BROWSEUI.dll+0x2ea19]
C [BROWSEUI.dll+0x2ecbd]
C [kernel32.dll+0xb50b]


--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x08b3dd50 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2872]
0x08b3d960 JavaThread "AWT-Shutdown" [_thread_in_Java, id=2392]
0x08b3cc00 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2340]
0x08a3faa8 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2248]
0x063e68a8 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2500]
0x089ad780 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2208]
0x089d3588 JavaThread "Finalizer" daemon [_thread_blocked, id=872]
0x08a3e0a8 JavaThread "Reference Handler" daemon [_thread_blocked, id=172]
=>0x08996560 JavaThread "main" [_thread_in_Java, id=3752]

Other Threads:
0x08999d10 VMThread [id=532]
0x08999db8 WatcherThread [id=2304]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 576K, used 131K [0x20f00000, 0x20fa0000, 0x21660000)
eden space 512K, 13% used [0x20f00000, 0x20f10f98, 0x20f80000)
from space 64K, 100% used [0x20f90000, 0x20fa0000, 0x20fa0000)
to space 64K, 0% used [0x20f80000, 0x20f80000, 0x20f90000)
tenured generation total 1408K, used 193K [0x21660000, 0x217c0000, 0x26f00000)
the space 1408K, 13% used [0x21660000, 0x216906c0, 0x21690800, 0x217c0000)
compacting perm gen total 8192K, used 244K [0x26f00000, 0x27700000, 0x2af00000)
the space 8192K, 2% used [0x26f00000, 0x26f3d2d0, 0x26f3d400, 0x27700000)
ro space 8192K, 63% used [0x2af00000, 0x2b40b178, 0x2b40b200, 0x2b700000)
rw space 12288K, 46% used [0x2b700000, 0x2bc99fa8, 0x2bc9a000, 0x2c300000)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b0000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f4000 C:\WINDOWS\system32\kernel32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77d40000 - 0x77dd0000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f56000 C:\WINDOWS\system32\GDI32.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778cc000 C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 - 0x77b14000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x754d0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771ac000 C:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 - 0x7761c000 C:\WINDOWS\system32\ole32.dll
0x5b860000 - 0x5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
0x771b0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x629c0000 - 0x629c9000 C:\WINDOWS\system32\LPK.DLL
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x40200000 - 0x4021a000 C:\WINDOWS\system32\repairs303169536.dll
0x773d0000 - 0x774d2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5a800000 - 0x5a817000 C:\Program Files\Spyware Doctor\Tools\eg.dat
0x7c9c0000 - 0x7d1d4000 C:\WINDOWS\system32\SHELL32.dll
0x5d090000 - 0x5d127000 C:\WINDOWS\system32\comctl32.dll
0x5a000000 - 0x5a018000 C:\Program Files\Spyware Doctor\Tools\klg.dat
0x00d10000 - 0x00d28000 C:\Program Files\Spyware Doctor\Tools\swpg.dat
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x75f80000 - 0x7607c000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\appHelp.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
0x77260000 - 0x772fc000 C:\WINDOWS\system32\urlmon.dll
0x77a20000 - 0x77a74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661d000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x62900000 - 0x62962000 C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\WSOCK32.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\mlang.dll
0x10000000 - 0x10035000 C:\Program Files\Norton AntiVirus\NavShExt.dll
0x7c120000 - 0x7c139000 C:\WINDOWS\system32\ATL71.DLL
0x7c3a0000 - 0x7c41b000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 - 0x7c396000 C:\WINDOWS\system32\MSVCR71.dll
0x6af30000 - 0x6af6d000 C:\Program Files\Common Files\Symantec Shared\ccL30.dll
0x75e90000 - 0x75f40000 C:\WINDOWS\system32\SXS.DLL
0x02000000 - 0x022c5000 C:\WINDOWS\system32\xpsp2res.dll
0x7d1e0000 - 0x7d492000 C:\WINDOWS\system32\msi.dll
0x769c0000 - 0x76a73000 C:\WINDOWS\system32\USERENV.dll
0x65200000 - 0x65214000 C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll
0x65000000 - 0x65032000 C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll
0x64100000 - 0x6411d000 C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
0x02ab0000 - 0x02b38000 C:\WINDOWS\system32\shdoclc.dll
0x5ff20000 - 0x5ff46000 C:\WINDOWS\system32\MSRATING.dll
0x5ff50000 - 0x5ff61000 C:\WINDOWS\system32\msratelc.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x77c70000 - 0x77c93000 C:\WINDOWS\system32\msv1_0.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x7d4a0000 - 0x7d782000 C:\WINDOWS\system32\mshtml.dll
0x746c0000 - 0x746e7000 C:\WINDOWS\system32\msls31.dll
0x03a30000 - 0x03a44000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
0x03a50000 - 0x03a63000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
0x6b180000 - 0x6b192000 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll
0x75c50000 - 0x75cbe000 c:\windows\system32\jscript.dll
0x746f0000 - 0x7471a000 C:\WINDOWS\system32\msimtf.dll
0x74720000 - 0x7476b000 C:\WINDOWS\system32\MSCTF.dll
0x325c0000 - 0x325d2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x66e50000 - 0x66e8f000 C:\WINDOWS\system32\iepeers.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x40700000 - 0x4071c000 C:\Program Files\SurfSideKick 3\SskBho.dll
0x40500000 - 0x40546000 C:\Program Files\SurfSideKick 3\SskCore.dll
0x74980000 - 0x74ab0000 C:\WINDOWS\system32\msxml3.dll
0x4d4f0000 - 0x4d548000 C:\WINDOWS\system32\WINHTTP.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x767f0000 - 0x76817000 C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68124000 C:\WINDOWS\system32\dssenh.dll
0x05800000 - 0x05815000 C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll
0x73300000 - 0x73367000 c:\windows\system32\vbscript.dll
0x73dd0000 - 0x73ece000 C:\WINDOWS\system32\MFC42.DLL
0x05830000 - 0x059bd000 C:\WINDOWS\system32\macromed\flash\flash.ocx
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737a9000 C:\WINDOWS\system32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll
0x76d40000 - 0x76d58000 C:\WINDOWS\system32\MPRAPI.dll
0x77cc0000 - 0x77cf2000 C:\WINDOWS\system32\ACTIVEDS.dll
0x76e10000 - 0x76e35000 C:\WINDOWS\system32\adsldpc.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x71bf0000 - 0x71c03000 C:\WINDOWS\system32\SAMLIB.dll
0x71d40000 - 0x71d5c000 C:\WINDOWS\system32\actxprxy.dll
0x66880000 - 0x6688c000 C:\WINDOWS\system32\ImgUtil.dll
0x72b20000 - 0x72b38000 C:\WINDOWS\system32\plugin.ocx
0x5e310000 - 0x5e31c000 C:\WINDOWS\system32\pngfilt.dll
0x6bdd0000 - 0x6be05000 C:\WINDOWS\system32\dxtrans.dll
0x6be10000 - 0x6be6a000 C:\WINDOWS\system32\dxtmsft.dll
0x6e4a0000 - 0x6e4ac000 C:\WINDOWS\system32\corpol.dll
0x75e60000 - 0x75e73000 C:\WINDOWS\system32\cryptnet.dll
0x76f50000 - 0x76f58000 C:\WINDOWS\system32\WtsApi32.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x76bb0000 - 0x76bb5000 C:\WINDOWS\system32\SFC.DLL
0x76c60000 - 0x76c8a000 C:\WINDOWS\system32\sfc_os.dll
0x75260000 - 0x75289000 C:\WINDOWS\system32\ADVPACK.DLL
0x75150000 - 0x75164000 C:\WINDOWS\system32\Cabinet.dll
0x605f0000 - 0x605fe000 C:\WINDOWS\system32\MSISIP.DLL

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;.
USERNAME=Chris
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 1 family 6, cmov, cx8, fxsr, mmx, sse, sse2

Memory: 4k page, physical 777584k(346696k free), swap 1901104k(1421604k free)

vm_info: Java HotSpot™ Client VM (1.5.0_06-b05) for windows-x86, built on Nov 10 2005 11:12:14 by "java_re" with MS VC++ 6.0

-----and an "Active Scan" log------

Incident Status Location

Adware:adware/superspider Not disinfected C:\WINDOWS\SYSTEM32\a.exe
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\SYSTEM32\bk.exe
Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\mm63.ocx
Adware:adware/commad Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Chris\Cookies\chris@2o7[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@64.62.232[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris\Cookies\chris@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris\Cookies\chris@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ask[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Chris\Cookies\chris@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\chris@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\chris@dist.belnk[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\Chris\Cookies\chris@gangbangsquad[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Chris\Cookies\chris@go[2].txt
Spyware:Cookie/Socalcoeds Not disinfected C:\Documents and Settings\Chris\Cookies\chris@socalcoeds[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Chris\Cookies\chris@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Chris\Cookies\chris@trafficmp[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Chris\Cookies\chris@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Chris\Cookies\chris@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@z1.adserver[1].txt
Virus:Trj/Downloader.HXO Not disinfected C:\Documents and Settings\Chris\a.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Chris\Cookies\chris@2o7[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@64.62.232[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris\Cookies\chris@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris\Cookies\chris@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Chris\Cookies\chris@ask[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Chris\Cookies\chris@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\chris@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\chris@dist.belnk[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\Chris\Cookies\chris@gangbangsquad[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Chris\Cookies\chris@go[2].txt

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 March 2006 - 11:09 AM

It looks like you have 2 anti virus programs running. This is never recommended as they will conflict with each other. I would advise you remove one of them.

Go to add/remove programa and look for WebHaner and SurfSideKick and remove if present.

Next scan with hijackthis and put a check beside these lines and choose FIX

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - _{5A632109-A9D5-EA23-ED3D-EBB588248AF9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3208460287533] C:\WINDOWS\win3208460287533.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [win3207346028753] C:\WINDOWS\win3207346028753.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINDOWS\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [ms04753346028] C:\WINDOWS\ms04753346028.exe
O4 - HKLM\..\Run: [ms03875334602] C:\WINDOWS\ms03875334602.exe
O4 - HKLM\..\Run: [sys02287533460] C:\WINDOWS\sys02287533460.exe
O4 - HKLM\..\Run: [sys09602875334] C:\WINDOWS\sys09602875334.exe
O4 - HKLM\..\Run: [win3206334602875] C:\WINDOWS\win3206334602875.exe
O4 - HKLM\..\Run: [ms05533460287] C:\WINDOWS\ms05533460287.exe
O4 - HKLM\..\Run: [sys01028753346] C:\WINDOWS\sys01028753346.exe
O4 - HKLM\..\Run: [nttevbqA] C:\WINDOWS\nttevbqA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [kooq] C:\PROGRA~1\COMMON~1\kooq\kooqm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\RACLE~1\chkdsk.exe" -vt ndrv
O4 - HKCU\..\Run: [Ayakkvfj] C:\Program Files\Common Files\s?mbols\m?iexec.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYDMUS

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)


O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\hr8q05l5e.dll

Then reboot to safe mode and delete these files/folders if present

C:\Program Files\winupdates <<<folder
C:\\keyboard.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\win3208460287533.exe
C:\WINDOWS\system32\dgfgql.exe"
C:\WINDOWS\win3207346028753.exe
C:\windows\eee2.exe
C:\WINDOWS\system32\loadadv64
C:\WINDOWS\system32\Tagasuarus7.exe
C:\WINDOWS\ms04753346028.exe
C:\WINDOWS\ms03875334602.exe
C:\WINDOWS\sys02287533460.exe
C:\WINDOWS\sys09602875334.exe
C:\WINDOWS\win3206334602875.exe
C:\WINDOWS\ms05533460287.exe
C:\WINDOWS\sys01028753346.exe
C:\WINDOWS\nttevbqA.exe
C:\Program Files\SurfSideKick 3 <<<folder
C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
C:\PROGRA~1\COMMON~1\kooq <<<folder
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\WINDOWS\RACLE~1 <<< folder, look for the first 5 letters

While still in safe mode scan with Ewdio again allowing it to fix what it finds.

Then reboot and scan again with Look2Me Destroyer. Then post the logs for Ewido (if you can), Destroyer and a new hijackthis log please.

#5 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 March 2006 - 09:04 PM

OK, I deleted Norton and kept AVG (make sense?). The Ewido freezes up while fixing infections each time it gets to Surfsidekick. It cleans some and then locks up, and it doesn't save a log. The Look2Me Destroyer didn't generate a log - it said "done cleaning infected files" but the box was empty and no log was saved. The only thing that comes up on scans, etc is the SurfSidekick now ; 0 ) When I tried to remove it from the Program Files folder it said it could not be removed because it was in use by another application. I did delete it when I was in Safe Mode and it no longer appears in the program files but it does in the scans and when Ewido pops up to alert you of an infected file.
Here is the latest hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:53:16 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 March 2006 - 10:09 PM

Please download WebRoot SpySweeper from HERE >>> http://www.webroot.c...ode=af1&rc=3597 (It's a 2 week trial):
Click the Free Trial link under to "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply as well as a new hijackthsi log please.

#7 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 08 March 2006 - 06:07 AM

********
3:32 AM: | Start of Session, Wednesday, March 08, 2006 |
3:32 AM: Spy Sweeper started
3:32 AM: Sweep initiated using definitions version 625
3:32 AM: Starting Memory Sweep
3:32 AM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Execution Denied
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:32 AM: The Spy Communication shield has blocked access to: dl.surfsidekick.com
3:36 AM: Memory Sweep Complete, Elapsed Time: 00:03:31
3:36 AM: Starting Registry Sweep
3:36 AM: Found Adware: elitemediagroup-mediamotor
3:36 AM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
3:36 AM: Found Adware: webhancer
3:36 AM: HKLM\software\microsoft\windows\currentversion\run\ || webhancer survey companion (ID = 146273)
3:36 AM: Found Adware: zenosearchassistant
3:36 AM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (2 subtraces) (ID = 147931)
3:36 AM: Found Adware: surfsidekick
3:36 AM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
3:36 AM: Found Adware: enbrowser
3:36 AM: HKLM\software\system\sysold\ (ID = 926808)
3:36 AM: Found Adware: command
3:36 AM: HKLM\system\currentcontrolset\services\cmdservice\ (13 subtraces) (ID = 958670)
3:36 AM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
3:36 AM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
3:36 AM: HKU\S-1-5-21-861794833-3208673119-507253198-1006\software\system\sysuid\ (1 subtraces) (ID = 731748)
3:36 AM: Registry Sweep Complete, Elapsed Time:00:00:11
3:36 AM: Starting Cookie Sweep
3:36 AM: Found Spy Cookie: 64.62.232 cookie
3:36 AM: chris@64.62.232[2].txt (ID = 1987)
3:36 AM: Found Spy Cookie: websponsors cookie
3:36 AM: chris@a.websponsors[2].txt (ID = 3665)
3:36 AM: Found Spy Cookie: about cookie
3:36 AM: chris@about[2].txt (ID = 2037)
3:36 AM: Found Spy Cookie: adknowledge cookie
3:36 AM: chris@adknowledge[2].txt (ID = 2072)
3:36 AM: Found Spy Cookie: hbmediapro cookie
3:36 AM: chris@adopt.hbmediapro[2].txt (ID = 2768)
3:36 AM: Found Spy Cookie: adrevolver cookie
3:36 AM: chris@adrevolver[1].txt (ID = 2088)
3:36 AM: Found Spy Cookie: falkag cookie
3:36 AM: chris@as-eu.falkag[1].txt (ID = 2650)
3:36 AM: Found Spy Cookie: ask cookie
3:36 AM: chris@ask[1].txt (ID = 2245)
3:36 AM: Found Spy Cookie: atwola cookie
3:36 AM: chris@atwola[1].txt (ID = 2255)
3:36 AM: Found Spy Cookie: azjmp cookie
3:36 AM: chris@azjmp[2].txt (ID = 2270)
3:36 AM: Found Spy Cookie: bannerspace cookie
3:36 AM: chris@bannerspace[1].txt (ID = 2284)
3:36 AM: Found Spy Cookie: banners cookie
3:36 AM: chris@banners[1].txt (ID = 2282)
3:36 AM: Found Spy Cookie: belnk cookie
3:36 AM: chris@belnk[1].txt (ID = 2292)
3:36 AM: chris@compactiongames.about[1].txt (ID = 2038)
3:36 AM: Found Spy Cookie: customer cookie
3:36 AM: chris@customer[1].txt (ID = 2481)
3:36 AM: chris@dist.belnk[2].txt (ID = 2293)
3:36 AM: Found Spy Cookie: go.com cookie
3:36 AM: chris@espn.go[1].txt (ID = 2729)
3:36 AM: Found Spy Cookie: exitexchange cookie
3:36 AM: chris@exitexchange[1].txt (ID = 2633)
3:36 AM: Found Spy Cookie: gamespy cookie
3:36 AM: chris@gamespy[1].txt (ID = 2719)
3:36 AM: Found Spy Cookie: gangbangsquad cookie
3:36 AM: chris@gangbangsquad[2].txt (ID = 2720)
3:36 AM: chris@go[2].txt (ID = 2728)
3:36 AM: chris@hbmediapro[1].txt (ID = 2767)
3:36 AM: Found Spy Cookie: kmpads cookie
3:36 AM: chris@kmpads[2].txt (ID = 2909)
3:36 AM: Found Spy Cookie: military cookie
3:36 AM: chris@military[1].txt (ID = 2996)
3:36 AM: Found Spy Cookie: mywebsearch cookie
3:36 AM: chris@mywebsearch[1].txt (ID = 3051)
3:36 AM: Found Spy Cookie: nextag cookie
3:36 AM: chris@nextag[2].txt (ID = 5014)
3:36 AM: Found Spy Cookie: oinadserve cookie
3:36 AM: chris@oinadserve[2].txt (ID = 3091)
3:36 AM: Found Spy Cookie: socalcoeds.com cookie
3:36 AM: chris@socalcoeds[2].txt (ID = 3393)
3:36 AM: Found Spy Cookie: toplist cookie
3:36 AM: chris@toplist[2].txt (ID = 3557)
3:36 AM: Found Spy Cookie: videodome cookie
3:36 AM: chris@videodome[2].txt (ID = 3638)
3:36 AM: Found Spy Cookie: webpower cookie
3:36 AM: chris@webpower[2].txt (ID = 3660)
3:36 AM: Found Spy Cookie: xiti cookie
3:36 AM: chris@xiti[1].txt (ID = 3717)
3:36 AM: Found Spy Cookie: adserver cookie
3:36 AM: chris@z1.adserver[1].txt (ID = 2142)
3:36 AM: Found Spy Cookie: bizrate cookie
3:36 AM: system@bizrate[2].txt (ID = 2308)
3:36 AM: Found Spy Cookie: clickandtrack cookie
3:36 AM: system@hits.clickandtrack[2].txt (ID = 2397)
3:36 AM: Found Spy Cookie: partypoker cookie
3:36 AM: system@partypoker[1].txt (ID = 3111)
3:36 AM: Found Spy Cookie: redzip cookie
3:36 AM: system@www.redzip[2].txt (ID = 3250)
3:36 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
3:36 AM: Starting File Sweep
3:36 AM: c:\program files\surfsidekick 3 (2 subtraces) (ID = -2147480186)
3:37 AM: Found Trojan Horse: trojan-dh
3:37 AM: win.exe (ID = 247816)
3:37 AM: Found Adware: bookedspace
3:37 AM: tefxnablxl.qqc (ID = 164348)
3:37 AM: qwohctpe.ljv (ID = 164416)
3:37 AM: yykjvrxqkpl.het (ID = 158998)
3:44 AM: wqvpqko.uvo (ID = 164350)
3:44 AM: jeqtgzehmt.eah (ID = 159040)
3:44 AM: ctyihsmkp.del (ID = 164357)
3:44 AM: cwftcml.rft (ID = 159013)
3:44 AM: ghcygjr.bov (ID = 159017)
3:44 AM: xlneqxfptdh.ero (ID = 159027)
3:44 AM: ttctvuom.hmy (ID = 158991)
3:45 AM: jjihaddtd.lxv (ID = 164392)
3:45 AM: doukcogekn.fko (ID = 159005)
3:45 AM: swrmoul.oua (ID = 159030)
3:45 AM: cnbbyia.okd (ID = 159004)
3:45 AM: uktqsjt.xrm (ID = 159003)
3:45 AM: czlsyjk.kec (ID = 158995)
3:45 AM: yfhjfsjhw.dvd (ID = 159020)
3:45 AM: afnawhghuj.ywq (ID = 159037)
3:45 AM: jddeeek.pzs (ID = 159016)
3:45 AM: fawxnvfiacf.tmn (ID = 164403)
3:45 AM: uzdkgznp.flz (ID = 164398)
3:46 AM: bgiduyi.bks (ID = 164380)
3:46 AM: dsiticpqpns.nvp (ID = 158988)
3:46 AM: qxfyjghjr.edn (ID = 164351)
3:46 AM: wmfaxnbfbhs.fxp (ID = 159047)
3:46 AM: dlhfdtunzze.bts (ID = 159045)
3:46 AM: vzjmhid.hko (ID = 159060)
3:46 AM: oyaefvcqvc.dda (ID = 158986)
3:46 AM: jaepvithpg.ybh (ID = 164361)
3:46 AM: szhsutk.gqk (ID = 164410)
3:46 AM: vuxmiwebsor.sbj (ID = 159024)
3:46 AM: hjkayga.pmu (ID = 159019)
3:47 AM: poxhitbyj.geq (ID = 159056)
3:47 AM: mchznzqb.ttl (ID = 159014)
3:47 AM: xmjsmdza.oga (ID = 159058)
3:47 AM: otewmhoupr.soi (ID = 164404)
3:47 AM: old46.tmp (ID = 83802)
3:47 AM: dhsxmnlfvoy.zjc (ID = 164372)
3:47 AM: sxsfzcugfk.gvu (ID = 164377)
3:47 AM: bzcphhk.xcg (ID = 159028)
3:47 AM: ctltoqsaqe.asd (ID = 159061)
3:47 AM: svbgkdmlg.gav (ID = 164354)
3:47 AM: ejathaxuq.uav (ID = 159012)
3:48 AM: yrursyjklnv.kii (ID = 159025)
3:48 AM: tcqcrnwey.ocs (ID = 164373)
3:48 AM: nbmoche.vdw (ID = 164342)
3:48 AM: vlehwxjq.dfi (ID = 159026)
3:48 AM: kramtvkquho.wwd (ID = 164415)
3:48 AM: bribgeiunri.rpp (ID = 159018)
3:48 AM: Found Adware: targetsaver
3:48 AM: tsupdate2[1].ini (ID = 193498)
3:48 AM: djiiorpmkqb.idz (ID = 158994)
3:48 AM: yidwfmezz.yxw (ID = 164408)
3:48 AM: yzmvacnfud.ifc (ID = 159031)
3:48 AM: jydccxhefz.xsw (ID = 159035)
3:48 AM: qrpgjlehkuu.lkw (ID = 158987)
3:48 AM: ynbvrfabn.pbw (ID = 159052)
3:48 AM: treqdggpg.ivo (ID = 159038)
3:48 AM: ykqifty.elc (ID = 159001)
3:48 AM: sztcrbaqc.vzr (ID = 159051)
3:48 AM: bmdcqdjjega.yhi (ID = 164367)
3:48 AM: kcbocmmtgrq.ynb (ID = 158990)
3:48 AM: dbwoyuumzn.pyp (ID = 159029)
3:48 AM: vcorwokg.ggs (ID = 159010)
3:48 AM: nkzrqfr.hmz (ID = 159046)
3:48 AM: dfyceiqr.zst (ID = 159059)
3:48 AM: bdnfchedxw.mnt (ID = 159023)
3:49 AM: lxdbchw.cfa (ID = 164344)
3:49 AM: gmpqkwn.ywk (ID = 158997)
3:49 AM: Found Trojan Horse: trojan downloader matcash
3:49 AM: explorer.exe (ID = 247512)
3:50 AM: kdclkbipivw.daa (ID = 164390)
3:50 AM: gwxxvjrj.geu (ID = 159015)
3:51 AM: win.exe (ID = 247816)
3:54 AM: vocabulary (ID = 78283)
3:54 AM: class-barrel (ID = 78229)
3:55 AM: Found Trojan Horse: trojan-downloader-nextern
3:55 AM: klsx9e.exe (ID = 254873)
3:55 AM: Found Adware: quicklink search toolbar
3:55 AM: f50i.tcp (ID = 208796)
3:56 AM: Warning: Unhandled Archive Type
3:56 AM: Warning: Unhandled Archive Type
3:56 AM: Warning: Invalid Stream
3:56 AM: Warning: Invalid Stream
3:56 AM: Warning: Invalid Stream
3:56 AM: File Sweep Complete, Elapsed Time: 00:20:14
3:56 AM: Full Sweep has completed. Elapsed time 00:24:06
3:56 AM: Traces Found: 157
4:00 AM: Removal process initiated
4:00 AM: Quarantining All Traces: trojan downloader matcash
4:00 AM: Quarantining All Traces: elitemediagroup-mediamotor
4:00 AM: Quarantining All Traces: enbrowser
4:00 AM: Quarantining All Traces: quicklink search toolbar
4:00 AM: Quarantining All Traces: trojan-dh
4:00 AM: Quarantining All Traces: trojan-downloader-nextern
4:00 AM: Quarantining All Traces: bookedspace
4:00 AM: Quarantining All Traces: command
4:00 AM: Quarantining All Traces: targetsaver
4:00 AM: Quarantining All Traces: webhancer
4:00 AM: Quarantining All Traces: zenosearchassistant
4:00 AM: Quarantining All Traces: 64.62.232 cookie
4:00 AM: Quarantining All Traces: about cookie
4:00 AM: Quarantining All Traces: adknowledge cookie
4:00 AM: Quarantining All Traces: adrevolver cookie
4:00 AM: Quarantining All Traces: adserver cookie
4:00 AM: Quarantining All Traces: ask cookie
4:00 AM: Quarantining All Traces: atwola cookie
4:00 AM: Quarantining All Traces: azjmp cookie
4:00 AM: Quarantining All Traces: banners cookie
4:00 AM: Quarantining All Traces: bannerspace cookie
4:00 AM: Quarantining All Traces: belnk cookie
4:00 AM: Quarantining All Traces: bizrate cookie
4:00 AM: Quarantining All Traces: clickandtrack cookie
4:00 AM: Quarantining All Traces: customer cookie
4:00 AM: Quarantining All Traces: exitexchange cookie
4:00 AM: Quarantining All Traces: falkag cookie
4:00 AM: Quarantining All Traces: gamespy cookie
4:00 AM: Quarantining All Traces: gangbangsquad cookie
4:00 AM: Quarantining All Traces: go.com cookie
4:00 AM: Quarantining All Traces: hbmediapro cookie
4:00 AM: Quarantining All Traces: kmpads cookie
4:00 AM: Quarantining All Traces: military cookie
4:00 AM: Quarantining All Traces: mywebsearch cookie
4:00 AM: Quarantining All Traces: nextag cookie
4:00 AM: Quarantining All Traces: oinadserve cookie
4:00 AM: Quarantining All Traces: partypoker cookie
4:00 AM: Quarantining All Traces: redzip cookie
4:00 AM: Quarantining All Traces: socalcoeds.com cookie
4:00 AM: Quarantining All Traces: toplist cookie
4:00 AM: Quarantining All Traces: videodome cookie
4:00 AM: Quarantining All Traces: webpower cookie
4:00 AM: Quarantining All Traces: websponsors cookie
4:00 AM: Quarantining All Traces: xiti cookie
4:00 AM: Quarantining All Traces: surfsidekick
4:00 AM: Removal process completed. Elapsed time 00:00:26
********
3:14 AM: | Start of Session, Wednesday, March 08, 2006 |
3:14 AM: Spy Sweeper started
3:14 AM: Sweep initiated using definitions version 625
3:14 AM: Found Adware: surfsidekick
3:14 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (2 subtraces) (ID = 1055337)
3:14 AM: SskBho.dll (ID = 1055337)
3:14 AM: Starting Memory Sweep
3:16 AM: Sweep Canceled
3:16 AM: Memory Sweep Complete, Elapsed Time: 00:01:58
3:16 AM: Traces Found: 4
3:16 AM: Removal process initiated
3:16 AM: Quarantining All Traces: surfsidekick
3:16 AM: surfsidekick is in use. It will be removed on reboot.
3:16 AM: SskBho.dll is in use. It will be removed on reboot.
3:16 AM: Preparing to restart your computer. Please wait...
3:16 AM: Removal process completed. Elapsed time 00:00:05
********
3:13 AM: | Start of Session, Wednesday, March 08, 2006 |
3:13 AM: Spy Sweeper started
3:14 AM: Your spyware definitions have been updated.
3:14 AM: | End of Session, Wednesday, March 08, 2006 |



-------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:03:49 AM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 08 March 2006 - 06:10 PM

Please download Asquared from the link below.

http://www.emsisoft....tware/download/

Safe it to your desktop. Next open and check for updates.

Boot to safe mode (tap f8 while bios loads)

Then scan your system (this will take some time) after the scan is compelte allow it to fix what it has found. If there is something that it can not clean please let me know what it was.

Then reboot and post a new hijackthis log.

#9 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 March 2006 - 05:15 PM

Asquared did not indicate there was anything it couldn't get rid of, but things popped up on restart that they were possible malware or other problems. One was c:\windows\system32\HPZinw12.exe.
Also, should I be deleting any of these multiple anti-spyware programs from the computer. Lots of info is popping up from them and I don't want to do anything that I'm not supposed to!
Thanks so much for all your help!



Logfile of HijackThis v1.99.1
Scan saved at 3:05:40 PM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 09 March 2006 - 08:17 PM

Lets leave them all for now as there is cleaning still to be done.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

    Advertisements

Register to Remove


#11 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 10 March 2006 - 04:50 PM

L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "sv1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt" "{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess" "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration" "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ s32evnt1.dll Tue Jan 31 2006 2:35:34p A.... 91,904 89.75 K sporder.dll Thu Mar 2 2006 8:01:18p A.... 8,464 8.27 K wrlogo~1.dll Wed Jan 25 2006 11:06:02a A.... 492,544 481.00 K wrlzma.dll Wed Jan 25 2006 11:05:58a A.... 17,920 17.50 K 4 items found: 4 files, 0 directories. Total of file sizes: 610,832 bytes 596.52 K Locate .tmp files: C:\WINDOWS\SYSTEM32\ atmtdd~1.tmp Sun Mar 5 2006 9:06:54a A.... 0 0.00 K 1 item found: 1 file, 0 directories. Total of file sizes: 0 bytes 0.00 K ********************************************************************************** Directory Listing of system files: Volume in drive C has no label. Volume Serial Number is 23EF-25C6 Directory of C:\WINDOWS\System32 03/10/2006 02:45 PM <DIR> .. 03/10/2006 02:45 PM <DIR> . 03/05/2006 08:55 AM <DIR> dllcache 10/04/2005 04:06 PM <DIR> Microsoft 12/07/1999 05:00 AM 977,680 vfpodbc.dll 04/24/1998 12:00 AM 203,641 Drvvfp.hlp 04/24/1998 12:00 AM 5,446 Drvvfp.cnt 3 File(s) 1,186,767 bytes 4 Dir(s) 22,988,271,616 bytes free

#12 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 10 March 2006 - 06:50 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

#13 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 10 March 2006 - 07:35 PM

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (140 bytes security) (deflated 79%)
Logfile of HijackThis v1.99.1
Scan saved at 5:32:23 PM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\a-squared\a2guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#14 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 11 March 2006 - 11:11 AM

Scan with hijackthis and put a check beside these lines and choose FIX'

R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll (file missing)
O20 - AppInit_DLLs: repairs303169536.dll

Next download adaware SE from here >>>> http://www.lavasoftu...ftware/adaware/

Then download the VX2 Cleaner and install it. It is on the same page to the righ.

Boot to safe mode and run the vx2 cleaner then do a scan with adaware se. Reboot and scan with the vx2 cleaner again and adaware se.

Then reboot and post a new hijackthis log please.

#15 SAR

SAR

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 11 March 2006 - 05:04 PM

When doing the first hijack this "fix" job it said that there was an "unexpected error", Error #5.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:48 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users