HijackThis Log - Help Please


This topic is locked
12 replies to this topic

#1 Jerry B

New Member, 6 posts

Posted 13 May 2006 - 02:43 PM

Logfile of HijackThis v1.99.1
Scan saved at 21:28:26, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winsrv32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\My Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.bo-selecta.net
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=www.bo-selecta.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117652664723
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe



#2 pskelley

R.I.P Always in our hearts
Authentic Member, 3,879 posts
Interests: Computers, fishing, biking, basketball, travel

Posted 15 May 2006 - 05:51 PM

Hello and welcome to TomCoyote forum. If you still need help, follow these instructions.

1) HJT.exe needs a folder to store logs and backups for safety. You called this folder MyDownloads. That is fine as long as you store nothing but HJT-related files in that folder. A better location would be: C:\HJT\HijackThis.exe.

2) Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

3) ewido scan:
Please download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans ewido is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

4) Open HijackThis and choose "Do a system scan only", then check the box in front of these line items:

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked".

5) RIGHT-click on Start, then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\susp.exe >>> file

C:\WINDOWS\system32\runsrv32.exe >>> file

C:\WINDOWS\system32\winsrv32.exe >>> file

C:\Program Files\PartyPoker\ >>> folder (delete if there)

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

6) Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions: http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff; make sure you do.

Restart the computer and post the ewido scan results, a new HJT log and any comments you think will help.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
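The triage pskelley does above (orphaned BHOs, autorun entries with detection-style names, buttons pointing at missing files), as an added Python example that is not code from the thread, from HijackThis or from ewido. It parses the HijackThis log format and, going beyond this thread, re-checks a later log for fix-list entries that survived; the sample logs are shortened excerpts of the 13 May and 16 May logs Jerry posted here, and the rule flagging BHOs loaded from system32 is my own assumption, not one pskelley stated.

```python
"""Triage helper for HijackThis v1.99 logs. Added example, not code from the
thread, HijackThis or ewido: parses the section-prefixed lines (R1, O2, O4,
O9, ...), builds a fix list, then re-checks a follow-up log for survivors."""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2"
    body: str     # everything after "O2 - "
    clsid: str    # lower-cased {GUID} found on the line, or "" if none

def parse_log(text):
    """One Entry per section line; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            c = CLSID_RE.search(m["body"])
            entries.append(Entry(m["section"], m["body"], c.group(0).lower() if c else ""))
    return entries

def running_processes(text):
    """The 'Running processes:' block as a set of lower-cased paths."""
    procs, in_block = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.add(line.lower())
    return procs

def triage(text):
    """(reason, Entry) pairs for the lines a helper would put on the fix list."""
    findings = []
    for e in parse_log(text):
        b = e.body.lower()
        if e.section == "O2" and ("(no file)" in b or "(file missing)" in b):
            findings.append(("orphaned BHO registration", e))
        elif e.section == "O2" and "\\windows\\system32\\" in b:
            # Assumed rule: vendor BHOs normally live under Program Files; a DLL
            # dropped straight into system32 (winapi32.dll here) deserves a look.
            findings.append(("BHO loaded from the system directory", e))
        elif e.section == "O4" and ("[adware." in b or "[transponder]" in b):
            findings.append(("autorun entry with a detection-style name", e))
        elif e.section == "O9" and "(file missing)" in b:
            findings.append(("IE button pointing at a missing file", e))
    return findings

def entry_key(e):
    # Match on CLSID when present, so a BHO whose DLL was deleted after the
    # first log (its path now reads "(file missing)") is still recognised.
    return (e.section, e.clsid or e.body.lower())

def survivors(after_text, findings):
    """Fix-list findings whose entry is still present in the follow-up log."""
    present = {entry_key(e) for e in parse_log(after_text)}
    return [(r, e) for r, e in findings if entry_key(e) in present]

def process_changes(before, after):
    """(paths no longer running, paths newly running) between two logs."""
    b, a = running_processes(before), running_processes(after)
    return sorted(b - a), sorted(a - b)

# Excerpts of the two logs posted in this thread (13 and 16 May 2006), cut down.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winsrv32.exe
C:\My Downloads\HijackThis.exe

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
"""

if __name__ == "__main__":
    found = triage(BEFORE_LOG)
    print("fix list:", [e.body for _, e in found])
    print("still present on 16 May:", [e.body for _, e in survivors(AFTER_LOG, found)])
    print("no longer running:", process_changes(BEFORE_LOG, AFTER_LOG)[0])
```

Run against the two full logs it reports that the orphaned BHOs and the Adware.Srv32 autorun entry are still registered after the fix, while winsrv32.exe has dropped out of the process list.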

#3 Jerry B

New Member, 6 posts

Posted 16 May 2006 - 04:26 AM

pskelley - Thank you for your reply. I have followed your instructions, with the following comments:
In My Computer it would not let me change any of the settings under the Hidden Files & Folders options etc. until after I had performed the rest of the functions on your list and restarted; then I went back and it allowed me to.
I could not delete C:\windows\system32\winsrv32.exe, as it was protected or in use.
On the ewido scan I chose to take no action at all times, as I was unsure what I was doing and didn't want to cause any problems.

I have attached the ewido report and a new HJT log. The PC does not now appear to be hijacked; for example, I am not getting security threat messages anymore that divert me to the Antispylab web page, and I have control back over my browser and have been able to reset the default page back to Google from the hijacked page.

Therefore, thanks very much for your help. If you think I need to take any further action after reviewing the info below, I would appreciate your thoughts.

Jerry

Logfile of HijackThis v1.99.1
Scan saved at 11:13:07, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.bo-selecta.net
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=www.bo-selecta.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117652664723
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

ewido scan results

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:48:57, 16/05/2006
+ Report-Checksum: 962DC00D

+ Scan result:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Ignored
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Ignored
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignored
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Ignored
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Ignored
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Ignored
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Ignored
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Ignored
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Ignored
HKU\S-1-5-21-2025429265-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Ignored
[4084] C:\WINDOWS\system32\winsrv32.exe -> Downloader.Adload.aq : Ignored
[3428] C:\WINDOWS\system32\winapi32.dll -> Downloader.VB.aan : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@112.2o7[2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@advertising[1].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@adviva[1].txt -> TrackingCookie.Adviva : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@com[1].txt -> TrackingCookie.Com : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@data4.perf.overture[2].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfk4siczkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfkiaiczmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfkiumazmaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wflikmdjwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfliqhcpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfliqlc5kfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wflokldpseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wflokoc5oap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wflowmdjgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfmiand5cfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wfmiukc5eho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wgkyanazkbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wgkysiazcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjk4oicjcfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjk4ugc5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjkookcjafq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjkykpdzmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjkyqmczaeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjliskd5ehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjlisod5sbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjlyancpsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjlyehdpolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@e-2dj6wjnyolc5agq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@millenniumhotels.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@paycounter[1].txt -> TrackingCookie.Paycounter : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@sexlist[2].txt -> TrackingCookie.Sexlist : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored
C:\Documents and Settings\Karen\Cookies\karen@112.2o7[2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Karen\Cookies\karen@122.2o7[2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Karen\Cookies\karen@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored
C:\Documents and Settings\Karen\Cookies\karen@2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Karen\Cookies\karen@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored
C:\Documents and Settings\Karen\Cookies\karen@adtech[2].txt -> TrackingCookie.Adtech : Ignored
C:\Documents and Settings\Karen\Cookies\karen@advertising[1].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Karen\Cookies\karen@adviva[2].txt -> TrackingCookie.Adviva : Ignored
C:\Documents and Settings\Karen\Cookies\karen@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Karen\Cookies\karen@bfast[1].txt -> TrackingCookie.Bfast : Ignored
C:\Documents and Settings\Karen\Cookies\karen@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored
C:\Documents and Settings\Karen\Cookies\karen@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored
C:\Documents and Settings\Karen\Cookies\karen@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored
C:\Documents and Settings\Karen\Cookies\karen@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Karen\Cookies\karen@com[2].txt -> TrackingCookie.Com : Ignored
C:\Documents and Settings\Karen\Cookies\karen@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Ignored
C:\Documents and Settings\Karen\Cookies\karen@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Ignored
C:\Documents and Settings\Karen\Cookies\karen@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjkykod5kbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored
C:\Documents and Settings\Karen\Cookies\karen@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ehg-autotrader.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ehg-capitalgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ehg-holidaybreak.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@ehg-penguingroupusa.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Karen\Cookies\karen@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@hypertracker[1].txt -> TrackingCookie.Hypertracker : Ignored
C:\Documents and Settings\Karen\Cookies\karen@linksynergy[2].txt -> TrackingCookie.Linksynergy : Ignored
C:\Documents and Settings\Karen\Cookies\karen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored
C:\Documents and Settings\Karen\Cookies\karen@overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Karen\Cookies\karen@perf.overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Karen\Cookies\karen@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Karen\Cookies\karen@pro-market[2].txt -> TrackingCookie.Pro-market : Ignored
C:\Documents and Settings\Karen\Cookies\karen@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Karen\Cookies\karen@redcatsuk.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Karen\Cookies\karen@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored
C:\Documents and Settings\Karen\Cookies\karen@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
C:\Documents and Settings\Karen\Cookies\karen@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored
C:\Documents and Settings\Karen\Cookies\karen@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored
C:\Documents and Settings\Karen\Cookies\karen@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored
C:\Documents and Settings\Karen\Cookies\karen@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Karen\Cookies\karen@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored
C:\Documents and Settings\Karen\Cookies\karen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored
C:\Documents and Settings\Karen\Cookies\karen@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored
C:\Documents and Settings\Karen\Cookies\karen@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Ignored
C:\Documents and Settings\Karen\Cookies\karen@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignored
C:\Documents and Settings\Karen\Cookies\karen@z1.adserver[1].txt -> TrackingCookie.Adserver : Ignored
C:\WINDOWS\system32\fzgbpstf.exe -> Trojan.Small : Ignored
C:\WINDOWS\system32\jrhwtxvk.vgk -> Trojan.Agent.qe : Ignored
C:\WINDOWS\system32\lnikwwre.exe -> Downloader.VB.aan : Ignored
C:\WINDOWS\system32\lpyixlck.exe -> Trojan.Small : Ignored
C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Ignored
C:\WINDOWS\system32\repigsp.exe -> Not-A-Virus.Hoax.Win32.VB.l : Ignored
C:\WINDOWS\system32\voblaizdupla.exe -> Downloader.Small.ciw : Ignored
C:\WINDOWS\system32\winapi32.dll -> Downloader.VB.aan : Ignored
C:\WINDOWS\system32\winbl32.dll -> Not-A-Virus.Hoax.Win32.VB.l : Ignored
C:\WINDOWS\system32\winsrv32.exe -> Downloader.Adload.aq : Ignored
C:\WINDOWS\system32\zhopaizdupla.exe -> Trojan.Small : Ignored
E:\Documents and Settings\Administrator\Cookies\administrator@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Ignored
E:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
E:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
E:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored
E:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@2o7[1].txt -> TrackingCookie.2o7 : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ad-logics[1].txt -> TrackingCookie.Ad-logics : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@adtech[2].txt -> TrackingCookie.Adtech : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@advertising[2].txt -> TrackingCookie.Advertising : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@adviva[2].txt -> TrackingCookie.Adviva : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@c.porngraph[2].txt -> TrackingCookie.Porngraph : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@c2.zedo[1].txt -> TrackingCookie.Zedo : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter13.sextracker[2].txt -> TrackingCookie.Sextracker : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-allergybuyersclub.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-autotrader.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-harleymed.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-ladbrokes.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-marshalls.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-onlinetravelgroup.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg-systemax.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@linksynergy[1].txt -> TrackingCookie.Linksynergy : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@overture[2].txt -> TrackingCookie.Overture : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@paycounter[1].txt -> TrackingCookie.Paycounter : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@qksrv[2].txt -> TrackingCookie.Qksrv : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@sexlist[1].txt -> TrackingCookie.Sexlist : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@sextracker[2].txt -> TrackingCookie.Sextracker : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignored
E:\Documents and Settings\Jerry\Cookies\jerry@zedo[1].txt -> TrackingCookie.Zedo : Ignored
E:\Documents and Settings\Jerry\Local Settings\Temp\upd1D.tmp/ME.dll -> Adware.MediaPops : Ignored
E:\Documents and Settings\Jerry\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@247realmedia[2].txt -> TrackingCookie.247realmedia : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@2o7[1].txt -> TrackingCookie.2o7 : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ad-logics[1].txt -> TrackingCookie.Ad-logics : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ads.lop[1].txt -> TrackingCookie.Lop : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ads.specificpop[2].txt -> TrackingCookie.Specificpop : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ads.x10[2].txt -> TrackingCookie.X10 : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ads20.bpath[2].txt -> TrackingCookie.Bpath : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@adtech[1].txt -> TrackingCookie.Adtech : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@advertising[1].txt -> TrackingCookie.Advertising : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@adviva[2].txt -> TrackingCookie.Adviva : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@as-us.falkag[1].txt -> TrackingCookie.Falkag : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@bfast[2].txt -> TrackingCookie.Bfast : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@bins.lop[1].txt -> TrackingCookie.Lop : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@burstnet[1].txt -> TrackingCookie.Burstnet : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@c.porngraph[2].txt -> TrackingCookie.Porngraph : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@centrport[2].txt -> TrackingCookie.Centrport : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@commission-junction[1].txt -> TrackingCookie.Commission-junction : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@com[2].txt -> TrackingCookie.Com : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@edge.ru4[1].txt -> TrackingCookie.Ru4 : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg-holidaybreak.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg-ladbrokes.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg-littlewoods.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg-tickleinc.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@euniverseads[2].txt -> TrackingCookie.Euniverseads : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@internetfuel[2].txt -> TrackingCookie.Internetfuel : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@overture[2].txt -> TrackingCookie.Overture : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@perf.overture[1].txt -> TrackingCookie.Overture : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@qksrv[1].txt -> TrackingCookie.Qksrv : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@spylog[1].txt -> TrackingCookie.Spylog : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@starware[2].txt -> TrackingCookie.Starware : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@trafficmp[2].txt -> TrackingCookie.Trafficmp : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@valueclick[2].txt -> TrackingCookie.Valueclick : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@weborama[2].txt -> TrackingCookie.Weborama : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@webstat[1].txt -> TrackingCookie.Web-stat : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@www.res99[1].txt -> TrackingCookie.Res99 : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@www.web-stat[2].txt -> TrackingCookie.Web-stat : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@z1.adserver[2].txt -> TrackingCookie.Adserver : Ignored
E:\Documents and Settings\Jerry's bird\Cookies\jerry's bird@zedo[1].txt -> TrackingCookie.Zedo : Ignored
E:\Program Files\Kazaa\PerfectNavUninstall.exe -> Downloader.Keenval.e : Ignored
E:\WINDOWS\Downloaded Program Files\d_kondr.exe -> Trojan.Dialer.ce : Ignored
E:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall4_80.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall4_94.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Ignored
E:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Ignored
E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Ignored
E:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Ignored
E:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Ignored
E:\WINDOWS\Temp\Brilliant\b3d3200package.cab/bdedetect1.dll -> Adware.BrilliantDigital : Ignored
C:\Documents and Settings\Jerry\Cookies\jerry@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup


::Report End

#4 pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 16 May 2006 - 06:14 AM

OK Jerry, thanks for the feedback, we have failed completely to this point :( Let's talk about it.

1) These are the instructions from ewido:

If ewido detects a file you KNOW to be legitimate, select none as the action.

You have ignored almost everything, and I have to think you do not believe those are all good. I am here to tell you that everything ewido located is BAD. We will run ewido in safe mode; please delete what it finds.

2) This is your computer, I assume, and you are aware this item is bad: C:\WINDOWS\system32\winsrv32.exe >>> file. Read about it in the link if you need to.
http://www.liutiliti...brary/winsrv32/

3) Hidden Files and folders: Here are the instructions straight from Microsoft:
http://www.microsoft...iddenfiles.mspx
The bad guys hid the stuff and you must do this to see it.

4) Use these instructions to start your computer in safe mode:
http://www.bleepingc...tutorial61.html

5) Once in safe mode, open ewido and do a complete system scan. Remove anything it locates; it does make a backup. Make sure you save that scan report, I must see it. Before you post it, I would appreciate it if you would edit out all lines like this only: TrackingCookie. I have already seen them once.

(So you will know, all of these items are bad. You are to put a check in the box in front of each item; when you have all items checked, and most are clutter, then you must click on the FIX CHECKED button. These items should not be in the next log you post for me.)

6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

Close anything that is open except HJT then click on "Fix Checked"

Now I want you to locate and open the C:\WINDOWS\system32\ folder, then locate and delete (right click, choose delete, and OK any prompt):

C:\WINDOWS\system32\susp.exe >>> file

C:\WINDOWS\system32\runsrv32.exe >>> file (this one was running in the recent HJT log so I know it is there)

C:\WINDOWS\system32\winsrv32.exe >>> file

Please check carefully, your computer will not be clean while that junk is still on it.

Empty the recycle bin and restart your computer to normal mode. Post the ewido scan results and a new HJT log.

Thanks...

Edited by pskelley, 16 May 2006 - 06:19 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
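As an added example (not part of pskelley's post, and not a tool from ewido), here is a small Python triage script for the ewido report format quoted in this thread. The sample lines are copied from the two reports above and are a constructed excerpt, not a full report. The rules it applies are my assumptions drawn from the helper's reasoning rather than from ewido's documentation: TrackingCookie lines are noise to be stripped before posting, a non-cookie item left as "Ignored" is still on the machine, and an "Error during cleaning" inside a CAB is dealt with by deleting the whole archive.

```python
"""Triage an ewido anti-malware scan report.

Each result line has the shape
    <target> -> <detection> : <action>
where <target> is a file path, a registry key (HKLM\\..., HKU\\...) or a
member inside an archive (written archive.cab/member). The helpers below
drop the TrackingCookie noise, count outcomes, and list what still needs
a hand after the automatic clean.
"""
import re
from collections import Counter
from dataclasses import dataclass

RESULT_RE = re.compile(r"^(?P<target>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\s*$")

# Constructed sample: a few lines copied from the two reports in this thread,
# mixing cookies, real malware, a registry key and a CAB member on purpose.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Karen\Cookies\karen@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored
C:\WINDOWS\system32\winsrv32.exe -> Downloader.Adload.aq : Ignored
C:\WINDOWS\system32\winapi32.dll -> Downloader.VB.aan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Error during cleaning
C:\WINDOWS\system32\fzgbpstf.exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
::Report End
"""


@dataclass(frozen=True)
class Finding:
    target: str
    detection: str
    action: str

    @property
    def is_tracking_cookie(self) -> bool:
        return self.detection.startswith("TrackingCookie.")

    @property
    def kind(self) -> str:
        """Where the object lives; this decides how it is removed by hand."""
        if re.match(r"^HK(LM|CU|U|CR)\\", self.target):
            return "registry"
        if "/" in self.target:  # ewido writes archive members as archive.cab/member
            return "archive member"
        return "file"


def parse_report(text: str) -> list[Finding]:
    """One Finding per result line; headers, blanks and '::Report End' are skipped."""
    findings = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def strip_tracking_cookies(findings):
    """What the helper asked for: the report minus the TrackingCookie lines."""
    return [f for f in findings if not f.is_tracking_cookie]


def summarize(findings) -> dict:
    """Count outcomes, so 'almost everything Ignored' is visible at a glance."""
    return dict(Counter(f.action for f in findings))


def needs_action(findings):
    """Non-cookie items still on the box: left as Ignored, or cleaning failed.

    Assumption: an archive member that fails to clean is handled by deleting
    the whole archive, so the container path is reported, not the member.
    """
    todo = []
    for f in strip_tracking_cookies(findings):
        if f.action == "Ignored" or f.action.startswith("Error"):
            target = f.target.split("/", 1)[0] if f.kind == "archive member" else f.target
            todo.append((target, f.detection, f.action))
    return todo


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("outcomes:", summarize(found))
    for target, detection, action in needs_action(found):
        print(f"{action:22} {detection:26} {target}")
```

Run it against a saved report by reading the file into `parse_report`; the `needs_action` list is the set of paths to go after in safe mode, and an empty list is the condition the helper is asking Jerry to reach before posting the next log.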

#5 Jerry B

    New Member

  • 6 posts

Posted 18 May 2006 - 04:12 AM

PSKelly, thanks for your patience; as you can probably tell, I am a novice to this sort of thing.

I have done what you said (hopefully) and posted the Ewido scan and HJT log below. My only comment is that in the system32 folder I only found runsrv32.exe (and deleted it); the other two files (susp.exe and winsrv32.exe) were not there.

Ewido Results (Tracking Cookies removed)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 08:52:34, 18/05/2006
+ Report-Checksum: BACBE22C

+ Scan result: (TRACKING COOKIE LINES DELETED)

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup
HKU\S-1-5-21-2025429265-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup

C:\HJT\backups\backup-20060516-105249-178.dll -> Downloader.VB.aan : Cleaned with backup
C:\WINDOWS\system32\fzgbpstf.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\jrhwtxvk.vgk -> Trojan.Agent.qe : Cleaned with backup
C:\WINDOWS\system32\lnikwwre.exe -> Downloader.VB.aan : Cleaned with backup
C:\WINDOWS\system32\lpyixlck.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\repigsp.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup
C:\WINDOWS\system32\voblaizdupla.exe -> Downloader.Small.ciw : Cleaned with backup
C:\WINDOWS\system32\winbl32.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup
C:\WINDOWS\system32\zhopaizdupla.exe -> Trojan.Small : Cleaned with backup
E:\Documents and Settings\Jerry\Local Settings\Temp\upd1D.tmp/ME.dll -> Adware.MediaPops : Error during cleaning
E:\Documents and Settings\Jerry\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup
E:\Program Files\Kazaa\PerfectNavUninstall.exe -> Downloader.Keenval.e : Cleaned with backup
E:\WINDOWS\Downloaded Program Files\d_kondr.exe -> Trojan.Dialer.ce : Cleaned with backup
E:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall4_80.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall4_94.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup
E:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup
E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Error during cleaning
E:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Error during cleaning
E:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup
E:\WINDOWS\Temp\Brilliant\b3d3200package.cab/bdedetect1.dll -> Adware.BrilliantDigital : Error during cleaning


::Report End

New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:08:13, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.bo-selecta.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=www.bo-selecta.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117652664723
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Again, Many thanks

Jerry

#6 pskelley


Posted 18 May 2006 - 05:23 AM

Hello Jerry, we all had to start learning at some point, and I am just sorry it is malware that caused you these problems. We are making progress now; I will know more when I review the information. I can see ewido was unable to clean several items, and we will need to address those before we are done.

The HJT log appears clean of malware, good job :thumbup: Let's look at the items we have left:

E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe
E:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll
E:\WINDOWS\Temp\Brilliant\b3d3200package.cab/bdedetect1.dll

Try this first. You may need Safe Mode if Windows will not let you delete this stuff; here is the link in case you do: http://www.bleepingc...tutorial61.html

What I want you to do is navigate to that C:\Windows\Temp\ <<< folder I have highlighted in red. Open that folder and delete everything in it. If it is easier, you can click on Edit and then Select All. This will highlight everything; then hit the Delete key on your keyboard and OK any requests. Now empty the Recycle Bin, restart the computer and post for me:
1) A new ewido scan results
2) A last HJT log for a final check
3) Tell me how the computer is running now.

I will give you this information and you can review it and act on what you need to as soon as possible.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.syma...src=sec_doc_nam

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#7 Jerry B


Posted 18 May 2006 - 01:10 PM

Thanks Phil. Before I do anything, can I just check one thing: the 3 files that Ewido was unable to clean were in E:\windows\temp/....., but you are telling me to clear out all files from C:\windows\temp... please confirm. (Sorry if this is a stupid question.) For your info, my E: is the old hard disk recovered from my last PC that fried itself; it still has all the Windows and other program files on it. I only use it as a back-up data store for my new drive and a resource for my old files. I assume it would be best to delete all files other than the actual files I use? Regards, Jerry

#8 pskelley


Posted 18 May 2006 - 01:24 PM

Hi Jerry, by their nature all Temporary and Temporary Internet Files are designed to be just what it says, temporary. Now if you have created a new storage area and called it E:\windows\temp\ and stored stuff in there, I would have no way of knowing that. But you are right, I did mean to say E:\Windows\Temp. Since you have created this new storage area, perhaps you know then how the three items got in there that ewido is picking up. I would have to suggest, since I have no idea what you have stored in this >>> E:\WINDOWS\Temp\ folder, that you delete only these items:

E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe
E:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll
E:\WINDOWS\Temp\Brilliant\b3d3200package.cab/bdedetect1.dll

Thanks
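The three items ewido flagged in posts #6 and #8 are not plain files: each path ends in `something.cab/member`, meaning the scanner looked inside a cabinet archive, and the object that actually exists on disk is the .cab. The confusion in post #7 was also about which drive the items sat on. As an added example (not code from the thread, from ewido or from HijackThis), the following Python turns scanner-style report paths into the on-disk file to remove, notes whether that file sits under a Temp folder, and groups the results by drive letter so the right volume gets cleaned. The three detection paths are copied from the thread; the `.zip` archive extension and the `in_temp` heuristic are my additions.

```python
"""Map ewido-style detection paths (which may point inside a .cab archive) to the
file that actually exists on disk, grouped by drive.  Added example for the
E:\ vs C:\ question in this thread; not code from ewido or the forum."""
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple

# The three items ewido could not clean, as listed in the thread.
DETECTIONS = [
    r"E:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe",
    r"E:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll",
    r"E:\WINDOWS\Temp\Brilliant\b3d3200package.cab/bdedetect1.dll",
]

# Archive types a scanner may report members of (assumption: .cab as in the
# thread, .zip added for generality).
ARCHIVE_EXTS = ('.cab', '.zip')


class Target(NamedTuple):
    drive: str      # 'E:'  the drive the item really lives on
    on_disk: str    # the file to remove from the filesystem
    inner: str      # member inside the archive, '' when the item is a plain file
    in_temp: bool   # True when the on-disk file sits under a Temp/Tmp folder


def resolve_detection(report_path: str) -> Target:
    """Split 'archive.cab/member' style paths at the archive: the member has no
    existence outside the .cab, so the archive is what gets deleted."""
    p = PureWindowsPath(report_path.replace('/', '\\'))
    parts = p.parts
    on_disk, inner = p, ''
    for i, part in enumerate(parts[:-1]):        # the archive is never the last part
        if part.lower().endswith(ARCHIVE_EXTS):
            on_disk = PureWindowsPath(*parts[:i + 1])
            inner = '\\'.join(parts[i + 1:])
            break
    in_temp = any(seg.lower() in ('temp', 'tmp') for seg in on_disk.parts)
    return Target(p.drive, str(on_disk), inner, in_temp)


def group_by_drive(report_paths: List[str]) -> Dict[str, List[str]]:
    """Distinct on-disk files per drive letter, so the right volume is cleaned."""
    out: Dict[str, List[str]] = {}
    for rp in report_paths:
        t = resolve_detection(rp)
        out.setdefault(t.drive, [])
        if t.on_disk not in out[t.drive]:
            out[t.drive].append(t.on_disk)
    return out


if __name__ == '__main__':
    for drive, files in group_by_drive(DETECTIONS).items():
        print(f'{drive} ->', *files, sep='\n  ')
```

Run on the three thread paths the grouping has a single key, `E:`, with three .cab files, which is exactly the answer to the question in post #7: nothing on C: is involved.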

#9 Jerry B


Posted 18 May 2006 - 03:22 PM

Phil,

Thanks for your continued support. There is no Ewido report to show you as it didn't find anything, which must be a good thing.

HJT Log below.

PC is running better than ever - Thanks again

Let me know if there is any further action you suggest.

Jerry :D


Logfile of HijackThis v1.99.1
Scan saved at 22:15:21, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.bo-selecta.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=www.bo-selecta.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117652664723
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
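The log above is HijackThis 1.99.1 output, and the helper's "clean" verdict comes from reading each section by hand. As an added example (not code from the thread, from HijackThis or from ewido), the following Python parses the section lines that appear in this log (R0/R1, O2, O3, O4, O23), then applies the check this thread turned on: does anything autostart from a Temp folder? It also lists O4 entries given as a bare file name, which the log cannot place in a directory. The sample lines are copied from the log, plus one constructed HKCU Run entry named `[constructed]` so the Temp check has something to catch; the `TEMP_MARKERS` list is my assumption.

```python
"""Parse HijackThis 1.99.1 log lines (R0/R1, O2, O3, O4, O23) and flag autostart
entries whose executable lives under a Temp folder.  Added example: this is not
code from the thread and not part of HijackThis or ewido."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the log above, plus ONE made-up
# HKCU Run entry ([constructed]) that points into C:\WINDOWS\Temp so the
# flagging logic has something to catch.  It is not a real detection.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\Run: [constructed] C:\WINDOWS\Temp\constructed\loader.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""


@dataclass
class Entry:
    section: str            # 'R0', 'O2', 'O3', 'O4', 'O23'
    name: str               # registry value name, BHO name, service name, ...
    path: str               # executable/DLL path, or the URL for R entries
    clsid: Optional[str]    # CLSID for O2/O3 entries, else None
    raw: str                # the original log line


_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$')
_STARTUP = re.compile(r'^O4 - Global Startup: (.+?) = (.*)$')
_COM = re.compile(r'^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')
_SERVICE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.*)$')
_REG = re.compile(r'^(R[01]) - (.+?) = (.*)$')


def exe_path(command: str) -> str:
    """First token of a Run command: the quoted path if quoted, otherwise the
    first whitespace-separated word (arguments such as /background drop off)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def parse_hjt_log(text: str) -> List[Entry]:
    """One Entry per recognised section line; header and unknown lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := _RUN.match(line):
            entries.append(Entry('O4', m.group(2), exe_path(m.group(3)), None, line))
        elif m := _STARTUP.match(line):
            entries.append(Entry('O4', m.group(1), m.group(2).strip(), None, line))
        elif m := _COM.match(line):
            entries.append(Entry(m.group(1), m.group(2), m.group(4).strip(), m.group(3), line))
        elif m := _SERVICE.match(line):
            entries.append(Entry('O23', m.group(1), m.group(3).strip(), None, line))
        elif m := _REG.match(line):
            entries.append(Entry(m.group(1), m.group(2), m.group(3).strip(), None, line))
    return entries


# Substrings that identify a temporary location in a lower-cased Windows path
# (assumption; extend for your environment).
TEMP_MARKERS = ('\\temp\\', '\\tmp\\', '\\temporary internet files\\')


def flag_temp_entries(entries: List[Entry]) -> List[Entry]:
    """Entries (other than R* URL settings) that load from a Temp folder:
    legitimate software does not normally autostart from there."""
    return [e for e in entries
            if not e.section.startswith('R')
            and any(marker in e.path.lower() for marker in TEMP_MARKERS)]


def unresolved_entries(entries: List[Entry]) -> List[Entry]:
    """O4 entries given as a bare file name (e.g. VTTimer.exe): the log does not
    say which directory they resolve to, so they need a PATH lookup on the host."""
    return [e for e in entries
            if e.section == 'O4' and '\\' not in e.path and ':' not in e.path]


if __name__ == '__main__':
    found = parse_hjt_log(SAMPLE_LOG)
    for e in flag_temp_entries(found):
        print('TEMP autostart:', e.raw)
    for e in unresolved_entries(found):
        print('needs lookup  :', e.raw)
```

On the sample, only the constructed entry is flagged and `VTTimer` is reported as unresolved; the real lines from the log all point into Program Files or System32, which matches the helper's reading that this log is clean.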

#10 pskelley


Posted 18 May 2006 - 03:45 PM

Hi Jerry, you are certainly welcome; your thanks are what I work for :) If ewido finds nothing and your computer is running better, then I would say you are good to go. Make sure you purge those System Restore files, and review the links I provided. Those folks are some of the very best in the malware removal business. Here are a few links that may be helpful:
http://www.microsoft...s/IEtopten.mspx
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html
http://www.techbuild...ecipes/59201471

Safe surfing...Phil :wavey:

TomCoyote forum
Expert Member
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

#11 Jerry B


Posted 19 May 2006 - 05:19 AM

Thanks Phil, I have just disabled System Restore, re-booted, then re-enabled it. Does that then automatically create a new restore point from now, or do I have to do anything else to create a new restore point? Jerry

#12 pskelley


Posted 19 May 2006 - 06:08 AM

Hi Jerry, once you disable System Restore, restart the computer, then enable it again, all old restore points are gone and the backup that is created is of the system in the condition it is in at that moment (clean according to the tools we are using). Let me provide you with some information about System Restore that will help you learn about it and how it helps you.

http://www.microsoft...n/faqsrwxp.mspx

http://www.kellys-ko.../xp_restore.htm

http://filext.com/in...thread.php?t=27

Hope this answers your questions.

Have a great day...Phil

#13 pskelley


Posted 21 May 2006 - 12:14 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
