Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

hijack log for sick pc

Started by rambozo , Apr 29 2006 10:14 AM

  • This topic is locked This topic is locked
8 replies to this topic

#1 rambozo

rambozo

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 29 April 2006 - 10:14 AM

I havent been here before so go esy on me. I have a very ill pc that has startup issues and some lockup issues as well. Log follows. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 10:44:58 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\awvvt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mkls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100350197592
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_0_2_7.cab
O20 - Winlogon Notify: awvvt - C:\WINDOWS\System32\awvvt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    Advertisements

Register to Remove

#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 29 April 2006 - 11:11 PM

Hi and welcome to the forum.

First click here>>> http://cexx.org/lspfix.htm to download LSPFix. Extract the program from the zip file and run it, make sure you click the "I know what I'm doing" button. Select mkls.dll and using the right-pointing 'arrows' and move all instances of mkls.dll it mentions to the Remove (RHS) side but leave everything else (it might already be over there when you open LSPFix). Click the 'Finished' button (if you exit with the X at top right nothing happens).


REBOOT to complete the task.

Please download VundoFix.exe from here:

http://www.atribune..../click.php?id=4

and save it to your desktop


Double-click VundoFix.exe to run it.

Checkmark the box "Run Vundo as task"

You will receive a message saying vundofix will close and re-open in a minute or less. Click OK

When VundoFix re-opens, click the Scan for Vundo button

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click OK.

Turn your computer back on.

NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer please post the contents of C:\vundofix.txt, the Ewido log and a new hijackthis log.

#3 rambozo

rambozo

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 06 May 2006 - 12:48 PM

Sorry it has taken me a while to get back. I did what you said.. there was only one instance of mkls.dll to remove. Afterward encountered a trojan virus that was auto deleted. Then some pop-up scanner stuff. Below is the Vundo, Ewido, and Hijack scans. I did not delete the malicious content in the Ewido scan(wasnt sure if i was supposed to yet).


VundoFix V4.2.73

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 10:09:06 AM 5/6/2006

Listing files found while scanning....

C:\WINDOWS\System32\awvvt.dll
C:\WINDOWS\System32\tvvwa.ini
C:\WINDOWS\System32\tvvwa.bak1
C:\WINDOWS\System32\tvvwa.bak2
C:\WINDOWS\System32\tvvwa.ini2
C:\WINDOWS\System32\tvvwa.tmp

C:\WINDOWS\SYSTEM32\tvvwa.bak1
C:\WINDOWS\SYSTEM32\tvvwa.bak2
C:\WINDOWS\SYSTEM32\tvvwa.tmp
C:\WINDOWS\SYSTEM32\tvvwa.ini
C:\WINDOWS\SYSTEM32\tvvwa.ini2
C:\WINDOWS\SYSTEM32\awvvt.dll
C:\WINDOWS\SYSTEM32\tvvwa.ini2
C:\WINDOWS\SYSTEM32\tvvwa.bak2
C:\WINDOWS\SYSTEM32\tvvwa.tmp
C:\WINDOWS\SYSTEM32\tvvwa.ini
C:\WINDOWS\SYSTEM32\tvvwa.ini2
C:\WINDOWS\SYSTEM32\awvvt.dll
Attempting to delete C:\WINDOWS\System32\awvvt.dll
C:\WINDOWS\System32\awvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\tvvwa.ini
C:\WINDOWS\System32\tvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\tvvwa.bak1
C:\WINDOWS\System32\tvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\tvvwa.bak2
C:\WINDOWS\System32\tvvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\tvvwa.ini2
C:\WINDOWS\System32\tvvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\tvvwa.tmp
C:\WINDOWS\System32\tvvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:44:49 AM, 5/6/2006
+ Report-Checksum: F49D5D25

+ Scan result:

HKU\S-1-5-21-1690843657-4282951562-813958858-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Ignored
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Atdmt : Ignored
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Com : Ignored
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Ignored
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Ignored
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4aidzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4ghc5shp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkieidjclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkioodzceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkygnajwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4ahcpeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4ggazkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliaodzweo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflickcjidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflikmd5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflocjazmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloendpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiojajskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmyepd5whp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkosld5mhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkycnd5mdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgliglcpifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wglikgcpkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmigpdjedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmisiczigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4gpdzklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4koazklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4wpajefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoeidzwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkogld5igq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoondjgfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkouhczmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkowkdpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkychazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyehdzoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkykoajmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyulajibo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4slcpoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ujajabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlicpczafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlisgcjalp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloojajsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlygidjcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlygndpmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlykmdjshq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyojd5kfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyqgajcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiagdpgcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiahdzmko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmikhc5mlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gajic.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gd5ae.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1sdjgh.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyahcpmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyapc5seq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyejcpicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygidpsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyokazoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqodpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnysidjkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywgazsbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywmd5chq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywpd5kfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Ignored
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjliqodjgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1003\Dc6.txt -> TrackingCookie.Com : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc10.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc100.txt -> TrackingCookie.Paycounter : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc102.txt -> TrackingCookie.Pointroll : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc114.txt -> TrackingCookie.Mediaplex : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc115.txt -> TrackingCookie.Revenue : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc124.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc126.txt -> TrackingCookie.Gator : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc129.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc131.txt -> TrackingCookie.Fastclick : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc132.txt -> TrackingCookie.Fastclick : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc134.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc138.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc139.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc140.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc141.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc142.txt -> TrackingCookie.Doubleclick : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc145.txt -> TrackingCookie.Coremetrics : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc15.txt -> TrackingCookie.Bridgetrack : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc152.txt -> TrackingCookie.Centrport : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc154.txt -> TrackingCookie.Bridgetrack : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc160.txt -> TrackingCookie.Specificpop : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc164.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc165.txt -> TrackingCookie.Atdmt : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc171.txt -> TrackingCookie.2o7 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc172.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc173.txt -> TrackingCookie.2o7 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc178.txt -> TrackingCookie.Mediaplex : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc183.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc186.txt -> TrackingCookie.X10 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc188.txt -> TrackingCookie.Pointroll : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc191.txt -> TrackingCookie.Findwhat : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc193.txt -> TrackingCookie.Bfast : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc194.txt -> TrackingCookie.Qksrv : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc203.txt -> TrackingCookie.Doubleclick : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc205.txt -> TrackingCookie.X10 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc210.txt -> TrackingCookie.Centrport : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc22.txt -> TrackingCookie.Atdmt : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc241.txt -> TrackingCookie.Zedo : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc248.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc249.txt -> TrackingCookie.Hitbox : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc252.txt -> TrackingCookie.Atdmt : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc264.txt -> TrackingCookie.2o7 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc268.txt -> TrackingCookie.Pointroll : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc270.txt -> TrackingCookie.Valueclick : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc272.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc274.txt -> TrackingCookie.Ru4 : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc277.txt -> TrackingCookie.Questionmarket : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc279.txt -> TrackingCookie.Liveperson : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc281.txt -> TrackingCookie.Bluestreak : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc283.txt -> TrackingCookie.Hitslink : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc293.txt -> TrackingCookie.Gator : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc299.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc300.txt -> TrackingCookie.Bridgetrack : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc312.txt -> TrackingCookie.Coremetrics : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc316.txt -> TrackingCookie.Mediaplex : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc34.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc4.txt -> TrackingCookie.Bridgetrack : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc58.txt -> TrackingCookie.Commission-junction : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc7.txt -> TrackingCookie.Pointroll : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc74.txt -> TrackingCookie.Trafficmp : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc79.txt -> TrackingCookie.Webtrendslive : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc8.txt -> TrackingCookie.Mediaplex : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc81.txt -> TrackingCookie.Liveperson : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc82.txt -> TrackingCookie.Advertising : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc92.txt -> TrackingCookie.Revenue : Ignored
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc97.txt -> TrackingCookie.Questionmarket : Ignored
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP982\A0096914.dll -> Downloader.ConHook.q : Ignored
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll -> Adware.Yahoo : Ignored
C:\Documents and Settings\All Users\Documents\AOL Downloads\Kevsc\brenda -> TrackingCookie.Targetnet : Cleaned with backup


::Report End
Logfile of HijackThis v1.99.1
Scan saved at 1:25:55 PM, on 5/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100350197592
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_0_2_7.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Edited by rambozo, 06 May 2006 - 12:56 PM.

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 May 2006 - 02:08 PM

Please scan with ewido again in safe mode and allow it to clean what it finds. Post the ewdio log and a new hijackthis log please.

#5 rambozo

rambozo

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 06 May 2006 - 08:48 PM

Okay. I'll try this again. I'm guessing you dont need the vundo again. Thanks for your help.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:32:04 PM, 5/6/2006
+ Report-Checksum: 1C7E2CC

+ Scan result:

HKU\S-1-5-21-1690843657-4282951562-813958858-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n31y7d3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4aidzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4ghc5shp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkieidjclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkioodzceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkygnajwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4ahcpeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4ggazkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliaodzweo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflickcjidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflikmd5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflocjazmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloendpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiojajskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmyepd5whp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkosld5mhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkycnd5mdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgliglcpifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wglikgcpkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmigpdjedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmisiczigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4gpdzklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4koazklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4wpajefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoeidzwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkogld5igq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoondjgfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkouhczmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkowkdpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkychazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyehdzoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkykoajmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyulajibo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4slcpoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ujajabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlicpczafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlisgcjalp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjloojajsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlygidjcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlygndpmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlykmdjshq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyojd5kfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyqgajcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiagdpgcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiahdzmko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmikhc5mlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gajic.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1gd5ae.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1sdjgh.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyahcpmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyapc5seq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyejcpicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygidpsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyokazoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqodpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnysidjkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywgazsbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywmd5chq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywpd5kfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjliqodjgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1003\Dc6.txt -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc10.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc100.txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc102.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc114.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc115.txt -> TrackingCookie.Revenue : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc124.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc126.txt -> TrackingCookie.Gator : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc129.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc131.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc132.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc134.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc138.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc139.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc140.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc141.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc142.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc145.txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc15.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc152.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc154.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc160.txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc164.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc165.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc171.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc172.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc173.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc178.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc183.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc186.txt -> TrackingCookie.X10 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc188.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc191.txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc193.txt -> TrackingCookie.Bfast : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc194.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc203.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc205.txt -> TrackingCookie.X10 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc210.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc22.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc241.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc248.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc249.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc252.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc264.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc268.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc270.txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc272.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc274.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc277.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc279.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc281.txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc283.txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc293.txt -> TrackingCookie.Gator : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc299.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc300.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc312.txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc316.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc34.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc4.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc58.txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc7.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc74.txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc79.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc8.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc81.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc82.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc92.txt -> TrackingCookie.Revenue : Cleaned with backup
C:\RECYCLER\S-1-5-21-1690843657-4282951562-813958858-1006\Dc97.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP982\A0096914.dll -> Downloader.ConHook.q : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll -> Adware.Yahoo : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 9:40:35 PM, on 5/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100350197592
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_0_2_7.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 May 2006 - 08:53 PM

Looks ok how is it running?

#7 rambozo

rambozo

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 07 May 2006 - 11:43 AM

So far, so much better. pc will actually go to standby now and internet explorer seems to be properly loading. Haven't used it enough to see about locking up. Is there anything else that I should be doing? Anything in particular I should be looking for? Got rid of McAfee virus program for Norton (was told Norton was better). Also using Spybot. What is your recommendation? Heard that WildTangent programs were evil, but may still have some on my pc.(havent looked). Are there any programs that I should be deleting or avoid using?

Edited by rambozo, 07 May 2006 - 12:15 PM.

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 May 2006 - 02:29 PM

If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. In my signature below is also a tutorial on how to harden IE, a good read and very helpful to stop these things in the future. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.

Safe Surfing. :D

#9 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 May 2006 - 02:29 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·