Jump to content

jatt7846

Members
  • Content Count

    81
  • Joined

  • Last visited

About jatt7846

  • Rank
    Member

Previous Fields

  • System Specifications:
    HP 750n PC
  1. Hi, still seeking help!!!!!!!!!!!!!!!!!!!!!!!!!! :help:
  2. Someone please help, the pop ups are totally out of control. Thanks.
  3. Here is the log from Panda Activescan Incident Status Location Adware:adware/securityerror No disinfected C:\Documents and Settings\All Users\Start Menu\Online Security Center.url Adware:adware/popuper No disinfected C:\Documents and Settings\All Users\Start Menu\Online Casino.url Adware:adware/superspider No disinfected C:\PROGRAM FILES\q330994.exe Adware:adware/cws No disinfected C:\Documents and Settings\Owner\Favorites\SHOP\Auctions.lnk Adware:adware/securityerror No disinfected C:\WINDOWS\SYSTEM32\ot.ico Spyware:spyware/petro-line No disinfected C:\Documents and Settings\Owner\Favorites\SITES ABOUT\Ab scissor.url Adware:adware/popuper No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\Remove Spyware.url Adware:adware/cws.searchmeup No disinfected C:\new.exe Adware:adware/msxmidi No disinfected C:\WINDOWS\msxmidi.exe Adware:adware/wupd No disinfected C:\PROGRAM FILES\Media Pass Adware:adware/wintools No disinfected Windows Registry Adware:Adware/PsGuard No disinfected C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt Dialer:Dialer.OK No disinfected C:\Hijack This\backups\backup-20050312-114137-263.inf Adware:Adware/PsGuard No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
  4. Hi, here is the SMITFILES log smitRem log file version 2.7 by noahdfear The current date is: Sat 10/15/2005 The current time is: 23:40:14.25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key present! Running LTDFix/PSGuard.com fix! checking for PSGuard.com key PSGuard.com key not present! ShudderLTD key was successfully removed! if previously present, PSGuard.com key was successfully removed! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ Need Money.url ~~~ system32 folder ~~~ oleext.dll intmonp.exe msmsgs.exe ole32vbs.exe msole32.exe hp***.tmp shnlog.exe intmon.exe hhk.dll logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ uninstIU.exe popuper.exe ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN!
  5. Here is the rest of the Ewido scan report. Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected]ure[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup C:\WINDOWS\000001_.tmp:anvzou -> Spyware.SearchPage : Cleaned with backup C:\WINDOWS\sb_affiliate.ini:dxbgw -> TrojanDownloader.Agent.lz : Cleaned with backup C:\WINDOWS\sb_affiliate.ini:dxbgwx -> TrojanDownloader.Agent.lz : Cleaned with backup C:\WINDOWS\sites.ini -> Spyware.PSGuard : Cleaned with backup C:\WINDOWS\SYSTEM32\intell32.exe -> Spyware.PSGuard : Cleaned with backup C:\WINDOWS\WindowsUpdate.log:qxzlyk -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\wininit.ini:jmkpa -> TrojanDownloader.Agent.lz : Cleaned with backup C:\WINDOWS\winnt.bmp:iyjqtm -> Spyware.Ipyn : Cleaned with backup C:\WINDOWS\wmprfdan.prx:uovaw -> Spyware.Ipyn : Cleaned with backup C:\WINDOWS\WMPrfKor.prx:otqyfe -> Spyware.SearchPage : Cleaned with backup C:\WINDOWS\_default.pif:mrwrbk -> Spyware.Ipyn : Cleaned with backup C:\WINDOWS\_default.pif:trdmzz -> Trojan.Agent.bi : Cleaned with backup ::Report End
  6. Hi, I did run Adware and also Ewido scan whose log is posted below. Please let me know what else can I do. Thanks. --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 11:19:11 PM, 10/15/2005 + Report-Checksum: 58125382 + Scan result: HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup HKLM\SOFTWARE\Classes\a.a\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{145E6FB1-1256-44ed-A336-8BBA43373BE6} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{434236E6-77E0-412c-B45B-7E78E7F41E59} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\TypeLib\\ -> Spyware.2020Search : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A}\TypeLib\\ -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{0E704BA4-C517-4BE7-A1CD-C3FFDA1E1FFE} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{0E704BA4-C517-4BE7-A1CD-C3FFDA1E1FFE}\TypeLib\\ -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F} -> Spyware.CommonName : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}\TypeLib\\ -> Spyware.CommonName : Cleaned with backup HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID\\ -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\jn92j.3wo9\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\jn92j.3wo9.1\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\MediaPass.Installer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaPass.Installer\CLSID -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaPass.Installer\CurVer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaPassX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID\\ -> Spyware.HotBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F} -> Spyware.CommonName : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{E9A5B71C-093B-4F34-AF07-34FCA89BA0DF} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSGuard spyware remover -> Spyware.PSGuard : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup HKLM\SOFTWARE\ShudderLTD -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\ShudderLTD\PSGuard -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Spyware.PSGuard : Cleaned with backup C:\!Submit\intmonp.exe -> Trojan.Puper.ag : Cleaned with backup C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.105:C:\Documents and Settings\Owner\Application
  7. Hi, Can someone please take a look at my HJT log and tell me any fixes that I can do solve the problem. There is also a warning message on the desktop as a background image that I am not able to get rid of. Thanks. Logfile of HijackThis v1.99.1 Scan saved at 5:37:29 PM, on 10/15/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\popuper.exe C:\WINDOWS\System32\intmonp.exe C:\WINDOWS\System32\msole32.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\System32\shnlog.exe C:\WINDOWS\System32\intmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpB73D.tmp O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [WinPatrol] "c:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122192707703 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  8. I am sorry I lost you here on the last step. Once I save these 2 files 1) Winkey.reg (Save as type: regedit4 .reg type) 2) Winkey.hiv (Save as type: Scroll to select-regetd32/WinAPI *hiv *dat files) What do I do next? Also after "Copy and paste the bold text below into the address bar of Registrar Lite:(this is making a Registry backup for safety in case of error) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ I had to click on GO in order to File> Export and and save as. Hopefully that is what I had to do.
  9. Here is the new HJT log. Logfile of HijackThis v1.99.1 Scan saved at 7:15:56 AM, on 7/31/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\WINDOWS\explorer.exe C:\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [WinPatrol] "c:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122192707703 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  10. Jacee, I was out of town and should have posted that here. Anyways here are the Panda scan and smit file. Will post HJT log in the next reply. I am still getting the "Installing" when computer reboots. Thanks. Incident Status Location Adware:adware/superspider No disinfected C:\PROGRAM FILES\q330994.exe Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\GOING PLACES\Air Tickets.lnk Adware:adware/popuper No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\Need Money.url Adware:adware/perfect-search No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\INSURANCE\Auto Insurance.url Adware:adware/startpage.lh No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\INSURANCE\Travel Insurance.url Spyware:spyware/petro-line No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\SITES ABOUT\Ab scissor.url Adware:adware/cws.searchmeup No disinfected C:\new.exe Adware:adware/msxmidi No disinfected C:\WINDOWS\msxmidi.exe Adware:adware/wupd No disinfected C:\PROGRAM FILES\Media Pass Adware:adware/psguard No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PSGUARD SPYWARE REMOVER Adware:adware/dealhelper No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WINDH Spyware:spyware/istbar No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TESTCONTENTMATCHCONTROL1.CONTENTMATCHTAG Adware:adware/mediatickets No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TESTCONTENTMATCHCONTROL1.CONTENTMATCHTAG.1 Adware:adware/apropos No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\AUTOLOADER Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\DDATE Adware:adware/iguard No disinfected HKEY_CLASSES_ROOT\CLSID\{145E6FB1-1256-44ED-A336-8BBA43373BE6} Adware:adware/virmaid No disinfected HKEY_CLASSES_ROOT\CLSID\{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C} Adware:adware/bluescreenwarningNo disinfected HKEY_CLASSES_ROOT\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152} Spyware:spyware/dyfuca No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER Adware:adware/ncase No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCH BAR_BAK Adware:adware/delta No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\REGISTRATION\DELTA Virus:Trj/Puper.D Disinfected C:\!Submit\intmon.exe Adware:Adware/Popuper No disinfected C:\!Submit\intmonp.exe Virus:Trj/Zlob.H Disinfected C:\!Submit\msmsgs.exe Adware:Adware/Virmaid No disinfected C:\!Submit\msole32.exe smitRem log file version 2.2 by noahdfear The current date is: Tue 07/26/2005 The current time is: 20:34:57.39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ CLEAN!
  11. Again after the reboot the Windows Installer window came up saying "Preparing to Install.......". A few seconds later the Norton Antivirus Window came up with this message "Norton Antivirus 2005 does not support the Repair feature, please uinstall and reinstall." I don't know what it is trying to install?????? I did say YES to the Winpatrol message and here is the new HJT log Logfile of HijackThis v1.99.1 Scan saved at 11:10:58 PM, on 7/25/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\System32\wuauclt.exe C:\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [WinPatrol] "c:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122192707703 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  12. Jacee, I apologise for not being precise in my response. I am not getting the following messages "IE can not find the Active Desktop HTML file. The file is needed for Active Desktop" Norton Antivirus is telling me that I have Bloodhound Virus on my computer but it can not fix. The wallpaper on my computer has a warning message printed on it that the computer has spyware and adware on it. Everytime I reboot WinPatrol asks me if I wish to change my homepage to "******". If you want to keep your homepage as espn.com than click NO. I have been saying NO evertime I reboot. The other new problem is that when I reboot a Windows Installer window come up as if it is trying to install something. Then Norton Antivirus message come up saying that it does not support the installer.
  13. Jacee, here it is. "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string] "PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [null data] "KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"] "IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"] "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"] "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"] "ashMaiSv" = "C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [file not found] "WinPatrol" = ""c:\PROGRA~1\WinPatrol.exe"" ["BillP Studios"] "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found] TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"] TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"] TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"] TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found] TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"] TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS] Startup items in "Owner" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "America Online 8.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 8.0\aoltray.exe -check" ["America Online, Inc."] "CompuServe 7.0 Tray Icon" -> shortcut to: "C:\Program Files\CompuServe 7.0\cstray.exe -check" ["CompuServe Interactive Services, Inc."] Enabled Scheduled Tasks: ------------------------ "ISP signup reminder 1" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /i /n:1" [MS] "ISP signup reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /i /n:2" [MS] "ISP signup reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /i /n:3" [MS] "Norton AntiVirus - Scan my computer - Owner" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Registration reminder 1" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:1" [MS] "Registration reminder 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS] "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: %SystemRoot%\system32\mswsock.dll [MS], 1 - 3 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {E7C9AF76-A50A-423A-A5CA-88DB1A24CEAE}\ "ButtonText" = "Microsoft AntiSpyware helper" "MenuText" = "Microsoft AntiSpyware helper" Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"] Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."] WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "Yes" at the first message box. ---------- (total run time: 104 seconds, including 18 seconds for message boxes)
  14. Here are the new logs but rebooting brings that item back. Logfile of HijackThis v1.99.1 Scan saved at 7:14:47 AM, on 7/25/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\System32\wuauclt.exe C:\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31631 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [WinPatrol] "c:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122192707703 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 7:10:42 AM, 7/25/2005 + Report-Checksum: 3BBA0FF4 + Date of database: 6/1/2005 + Version of scan engine: v3.0 + Duration: 42 min + Scanned Files: 61548 + Speed: 24.24 Files/Second + Infected files: 2 + Removed files: 2 + Files put in quarantine: 2 + Files that could not be opened: 0 + Files that could not be cleaned: 0 + Binder: Yes + Crypter: Yes + Archives: No + Scanned items: C:\Documents and Settings\Owner\Start Menu C:\ + Scan result: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup ::Report End
  15. Thanks for all your help so far. Here is the new HJT log and the smitfiles.txt file follows but I am not able to get rid of the following. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31631 Logfile of HijackThis v1.99.1 Scan saved at 9:38:29 PM, on 7/24/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\PROGRA~1\WinPatrol.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\System32\wuauclt.exe C:\Hijack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31631 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\6s5i5rw9.slt\prefs.js) O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [WinPatrol] "c:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122192707703 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe smitRem log file version 2.2 by noahdfear The current date is: Sun 07/24/2005 The current time is: 21:32:02.48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ PSGuard spyware remover PSGuard spyware remover.lnk Spyware Removal.lnk Online Dating.lnk quick launch PSGuard spyware remover.lnk ~~~ Favorites ~~~ adult cars sexual life shopping job search.url poker.url Online Gambling.url online dating.url Black Jack Online.url Online Pharmacy\Adipex.url Black Jack Online.url Home Loan.url Network Security.url Online Dating.url Online Pharmacy.url Remove Spyware.url Spam Filters.url Take It Here - Free * TGP.url Web Detective.url Online Gambling folder Online Pharmacy folder ~~~ system32 folder ~~~ oleext.dll wppp.html ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ oleext.dll ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ wininet.dll INFECTED!! Starting replacement procedure. ~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~ ~~~~ dllcache\wininet.dll not present! ~~~~ ~~~~ Looking for C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll ~~~~ ~~~~ KB890923\SP2QFE\wininet.dll not present! ~~~~ ~~~~ Looking for C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll ~~~~ ~~~~ KB867282\SP2QFE\wininet.dll not present! ~~~~ ~~~~ Looking for C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll ~~~~ ~~~~ KB883939\SP2QFE\wininet.dll not present! ~~~~ ~~~~ Looking for C:\WINDOWS\ServicePackFiles\i386\wininet.dll ~~~~ ~~~~ C:\WINDOWS\ServicePackFiles\i386\wininet.dll Present! ~~~~ ~~~~ Checking C:\WINDOWS\ServicePackFiles\i386\wininet.dll for infection ~~~~ ~~~~ ServicePackFiles\i386\wininet.dll Clean! ~~~~ ~~~ Replaced wininet.dll from ServicePackFiles\i386 ~~~ ~~~ Upon reboot ~~~ wininet.old present! oleadm.dll not present! oleext.dll present! ~~~ Upon completion ~~~ wininet.old not present! oleadm.dll not present! oleext.dll not present! ~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~ ~~~~ C:\WINDOWS\system32\wininet.dll Clean! ~~~~
×
×
  • Create New...