WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hijack This log

Started by JoH , May 13 2006 02:50 PM

This topic is locked

25 replies to this topic

#1 JoH

New Member

Authentic Member
14 posts

Posted 13 May 2006 - 02:50 PM

My computer has been sending emails to people in my address book. I'm running Windows XP Home, a scan with McAfee says I have no infected files. I download Hijack This and ran it, and am posting the resulting log here. If anyone can help me, I will send you my firstborn.

Logfile of HijackThis v1.99.1
Scan saved at 4:41:32 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\xerox\Pagis\Monitor.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Advertisements

Register to Remove

#2 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 13 May 2006 - 03:38 PM

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

NEXT

Download the trial version of trojan hunter from the link below. Update it scan your system and allow it to clean what it finds.

http://www.trojanhunter.com/

Let me know if it finds something it can not remove.

NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 JoH

New Member

Authentic Member
14 posts

Posted 13 May 2006 - 07:07 PM

McAfee AVERT Stinger Version 2.6.0. built on Apr 5 2006 Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved. Results of Stinger scan Virus data file v1000 created on Feb 2 2006. Ready to scan for 55 viruses, trojans and variants. Scan initiated on Sat May 13 20:14:38 2006 Number of clean files: 238 Scan initiated on Sat May 13 20:15:42 2006 Number of clean files: 926384

#4 JoH

New Member

Authentic Member
14 posts

Posted 13 May 2006 - 07:53 PM

Trojan Hunter found 1 adware file and cleaned it. Will do the Ewido next.

#5 JoH

New Member

Authentic Member
14 posts

Posted 14 May 2006 - 07:08 AM

Here is the new Hijack log. I'm having trouble locating the scan log for Ewido, I noted where it said it was saving it, but can't find the folder. Unless someone can help with this, I'll have to do the scan again and save it where I know I'll find it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:54:52 AM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\xerox\Pagis\Monitor.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#6 JoH

New Member

Authentic Member
14 posts

Posted 14 May 2006 - 07:30 AM

OK, found it. Here's the Ewido scan report done in safe mode. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 8:30:26 AM, 5/14/2006 + Report-Checksum: EEC6E6DB + Scan result: :mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup :mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup :mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup :mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup :mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup :mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup :mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\53mm4ocx.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\53o3cqib.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\53o3cqib.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\53o3cqib.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\53o3cqib.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4eodzoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkicodpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmisldjifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgmiegc5iep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4shd5okq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkysnczebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlocmc5mcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1lazsg.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ehg-augpubco.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ehg-nestlepurinapetcare.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@sbc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjk4shd5okq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16D.tmp -> TrackingCookie.Bluestreak : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16E.tmp -> TrackingCookie.Burstnet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq171.tmp -> TrackingCookie.Com : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq172.tmp -> TrackingCookie.Coremetrics : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq175.tmp -> TrackingCookie.Hitslink : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq177.tmp -> TrackingCookie.Statcounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq187.tmp -> TrackingCookie.Fastclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq189.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18A.tmp -> TrackingCookie.Valueclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18B.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FB.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FE.tmp -> TrackingCookie.Advertising : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FF.tmp -> TrackingCookie.Atdmt : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq200.tmp -> TrackingCookie.Bfast : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq201.tmp -> TrackingCookie.Casalemedia : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq205.tmp -> TrackingCookie.Doubleclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq206.tmp -> TrackingCookie.Ru4 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq207.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq208.tmp -> TrackingCookie.Fastclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq209.tmp -> TrackingCookie.Mediaplex : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20B.tmp -> TrackingCookie.Qksrv : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20D.tmp -> TrackingCookie.Realtracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20E.tmp -> TrackingCookie.Statcounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20F.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq210.tmp -> TrackingCookie.Valueclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq211.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq213.tmp -> TrackingCookie.Adserver : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq214.tmp -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C9.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4CF.tmp -> TrackingCookie.Advertising : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D0.tmp -> TrackingCookie.Mediaplex : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq585.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq736.tmp -> TrackingCookie.247realmedia : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq737.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq739.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73A.tmp -> TrackingCookie.Bfast : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73B.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73C.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73D.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73E.tmp -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A1.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A2.tmp -> TrackingCookie.Doubleclick : Cleaned with backup ::Report End

#7 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 May 2006 - 08:45 AM

Click here to run ActiveScan.

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Paste the contents of the Panda scan report along with a new HijackThis Log in your next reply.

#8 JoH

New Member

Authentic Member
14 posts

Posted 14 May 2006 - 09:22 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:20:57 AM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\xerox\Pagis\Monitor.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Report from Activescan

Incident Status Location

Adware:adware/toprebates Not disinfected c:\windows\downloaded program files\WinadX.inf
Adware:adware/ncase Not disinfected c:\temp\FLEOK
Adware:adware/winad Not disinfected c:\program files\Winad Client
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ieplugin Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\53o3cqib.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\owner@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@did-it[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@target[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@xiti[1].txt

#9 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 May 2006 - 09:25 AM

Download ATF Cleaner:
http://www.atribune....tent/view/19/2/
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

When done a prompt appears informing of such.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

NEXT\

Please download WebRoot SpySweeper from HERE >>> http://www.webroot.c...ode=af1&rc=3597 (It's a 2 week trial):
Click the Free Trial link under to "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply as well as a new hijackthsi log please.

#10 JoH

New Member

Authentic Member
14 posts

Posted 14 May 2006 - 11:24 AM

Note: I had to restart windows at the end of the scan with Spysweeper. There were hundreds of lines of the Warning: Windows Messenger blah, blah and a few lines of other results, which I've copied here, as all of it was too big to post. I removed the stuff that was quarantined, there were six items. Below is the Hijack this scan log.

12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Found System Monitor: potentially rootkit-masked files
12:51 PM: g20060422_1609.trf (ID = 0)
12:51 PM: g20060429_0134.trf (ID = 0)
12:51 PM: g20060504_0530.trf (ID = 0)
12:51 PM: g20060510_1522.trf (ID = 0)
12:51 PM: site=hgtv&category=gardening&vgncontent=gl_design_small_space&adsize=120x600&pagetype=section&adtype=u.styles=img_sponsor,html_sponsor&topic=hardscapes&pagepos=1 (ID = 0)
12:51 PM: liveupdate.exe (ID = 0)
12:51 PM: cumulative20060322.trf (ID = 0)
12:51 PM: g20060322_0800.trf (ID = 0)
12:51 PM: gen.dll (ID = 0)
12:51 PM: g20060331_0444.trf (ID = 0)
12:51 PM: g20060409_1917.trf (ID = 0)
12:51 PM: g20060417_1740.trf (ID = 0)
12:51 PM: settings.ini (ID = 0)
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: liveupdate.ini (ID = 0)
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: m20060322_0800.trf (ID = 0)
12:51 PM: updatelist.txt (ID = 0)
12:51 PM: Warning: Unhandled Archive Type
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Invalid file - not a PKZip file
12:51 PM: Warning: Invalid file - not a PKZip file
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified se

Logfile of HijackThis v1.99.1
Scan saved at 1:10:36 PM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\xerox\Pagis\Monitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Advertisements

Register to Remove

#11 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 May 2006 - 04:18 PM

Please download Asquared from the link below.

http://www.emsisoft....tware/download/

Safe it to your desktop. Next open and check for updates.

Boot to safe mode (tap f8 while bios loads)

Then scan your system (this will take some time) after the scan is compelte allow it to fix what it has found. If there is something that it can not clean please let me know what it was.

Then reboot and post a new hijackthis log.

#12 JoH

New Member

Authentic Member
14 posts

Posted 14 May 2006 - 09:54 PM

The ASquared found a few cookies and some adware, which I removed, but no malware.
The is the latest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:39 PM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\xerox\Pagis\Monitor.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pagis Scheduler.lnk = C:\Program Files\xerox\Pagis\Monitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#13 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 18 May 2006 - 08:08 PM

Sorry I was called out of town for work on an emergency. Can I see a new hijackthis log please.

#14 JoH

New Member

Authentic Member
14 posts

Posted 19 May 2006 - 06:01 AM

Yes, Here it is. Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 7:58:38 AM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ADSUBT~1\adsub.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...74/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97608DD-6999-11D5-9C8C-0010A4F2D6BF} (QCOMCont Class) - http://www.quicken.c...01/qcominst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#15 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 19 May 2006 - 07:31 AM

Download Blacklight Beta from here:
http://www.f-secure....light/try.shtml
Hit I accept. It will take you to download page.
Download blbeta.exe and save it to the Desktop.
Once saved... double click blbeta.exe to install the program.
Click accept agreement and Click scan
This app too may fire off a warning from antivirus. Let the driver load.
Wait for it to finish.
If it displays any items...don't do anything with them yet. Just hit exit (close)
It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log.

Body Background

skin color theme