
help stop these popups

Discussion in 'Windows - Virus and spyware problems' started by scrapmom, Jun 22, 2007.

  1. scrapmom (Member)
    Here's my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:10:58 PM, on 6/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\retadpu72.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe
    C:\Program Files\WinPop\winpop.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\s?stem\?hkntfs.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\COMMON~1\zokq\zokqa.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe" -vt yazb
    O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11032 bytes
     
  2. Etzo (Regular member)
    Hi!

    Step 1: Download and Run OiUninstaller
    Download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe
    ========
    Step 2: Download AVG
    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    Version 7.5.0.50 !
    * Install AVG Anti-Spyware by double clicking the installer.
    * Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    * On the main screen under Your Computer's security.
    * Click on Change state next to Resident shield. It should now change to inactive.
    * Click on Change state next to Automatic updates. It should now change to inactive.
    * Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    * Wait until you see the Update successful message.
    * Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    If AVG doesn't work in Safemode, please use this patchfile to make it work.
    Don't run just yet!
    ========
    Step 3: Disable processes
    Open Task Manager by pressing ctrl + alt + delete keys simultaneously

    * Click Processes
    * Click Image Name to Alphabetize the list
    * Find
    C:\WINDOWS\retadpu72.exe
    C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe
    C:\Program Files\WinPop\winpop.exe
    C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
    C:\PROGRA~1\COMMON~1\zokq\zokqa.exe

    and click on it
    * Click End Process
    * Repeat steps for each process listed above

    Close Task Manager
    ========
    Step 4: Run HijackThis

    Click on do a system scan only
    Place a checkmark next to these lines(if still present)

    O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper.dll
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
    O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe" -vt yazb
    O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe


    Then close all windows except Hijackthis and click Fix Checked
    ========
    Step 5: Delete Temporary files
    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:

    Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

    For Internet Explorer 7
    * Click Start, click Control Panel, and then double-click Internet Options.
    * On the General tab, click Delete... under Browsing History.
    * Next to Temporary Internet Files, click Delete files, and then click OK.
    * Next to Cookies, click Delete cookies, and then click OK.
    * Next to History, click Delete history, and then click OK.
    * Click the Close button.
    * Click OK.
    For Internet Explorer 4.x - 6.x
    * Click Start, click Control Panel, and then double-click Internet Options.
    * On the General tab, click Delete Files under Temporary Internet Files.
    * In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    * On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    * Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    * Click OK.
    For Netscape 4.x and Up
    * Click Edit from the Netscape menubar.
    * Click Preferences... from the Edit menu.
    * Expand the Advanced menu by clicking the triangle sign.
    * Click Cache.
    * Click both the Clear Memory Cache and the Clear Disk Cache buttons.
    For Mozilla 1.x and Up

    * Click Edit from the Mozilla menubar.
    * Click Preferences... from the Edit menu.
    * Expand the Advanced menu by clicking the plus sign.
    * Click Cache.
    * Click the Clear Cache button.
    For Opera
    * Click File from the Opera menubar.
    * Click Preferences... from the File menu.
    * Click the History and Cache menu.
    * Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
    * Click Ok to close the Preferences menu.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

    ========
    Step 6: Show hidden folders & Safe Mode
    * Go to Start > My Computer
    * Go to Tools > Folder Options
    * Click on the View tab
    * Untick the following:
      * Hide extensions for known file types
      * Hide protected operating system files (Recommended)
    * You will get a message warning you about showing protected operating system files, click Yes
    * Make sure this option is selected:
      * Show hidden files and folders
    * Click Apply and then click OK



    Restart your computer to Safe Mode.


    1. If the computer is running, shut down Windows, and then turn off the power.
    2. Wait 30 seconds, and then turn the computer on.
    3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    4. Ensure that the Safe Mode option is selected.
    5. Press Enter. The computer then begins to start in Safe Mode.
    6. Login on your usual account.
    ========
    Step 7: Delete files in Safemode
    When in Safemode, please find and remove these: (if still present)

    C:\WINDOWS\system32\yyhqoy.dll
    C:\WINDOWS\xmlhelper.dll
    C:\WINDOWS\retadpu72.exe
    C:\Program Files\WinPop FOLDER
    C:\PROGRA~1\COMMON~1\zokq FOLDER
    ========
    Step 8: Run AVG
    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    * Click on Scanner on the toolbar.
    * Click on the Settings tab.
    * Under How to act?
    * Click on Recommended Action and choose Quarantine from the popup menu.
    * Under How to scan?
    * All checkboxes should be ticked.
    * Under Possibly unwanted software:
    * All checkboxes should be ticked.
    * Under Reports:
    * Select Automatically generate report after every scan and uncheck Only if threats were found.
    * Under What to scan?
    * Select Scan every file.
    * Click on the Scan tab.
    * Click on Complete System Scan to start the scan process.
    * Let the program scan the machine.
    * When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    * Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    * At the bottom of the window click on the Apply all Actions button. (3)
    * When done, click the Save Scan Report button. (4)
    * Click the Save Report as button.
    * Save the report to your Desktop.
    * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Step 9: Post back reports
    Post fresh HijackThis log and AVG's report.
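Editor's note, added to this thread and not part of Etzo's reply or of HijackThis itself: the checks a helper applies by eye when reading a log like the two above can be written down. The script below parses HijackThis O2/O4/O20/O23 lines and flags the patterns visible in these logs: a `?` in a path (HijackThis prints characters outside the local code page as `?`, which is how the `s?stem\?hkntfs.exe` and `F?nts\s?chost.exe` look-alike folders show up), autostarts from a user profile or temp directory, a long hex blob passed as an argument (the `runner1` entry), unnamed BHOs, orphaned entries, Winlogon Notify DLLs, services with no vendor string, `Policies\Explorer\Run` autostarts, system process names outside System32, and consonant-heavy random file names in WINDOWS or System32. The heuristics are mine, the sample lines are copied from the logs posted above, and every hit is a review candidate, not a verdict (the profile-directory rule also fires on per-user programs such as LimeWire).

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not part of HijackThis or of the original
posts.  SAMPLE_LOG is copied from the logs posted above.  Every rule is a
hint for a human reviewer, not proof of malware.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")          # runner1-style argument blob
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}")    # crude "random name" test
PROFILE_MARKERS = ("docume~1\\", "documents and settings\\", "application data\\",
                   "local settings\\", "\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "smss.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}


@dataclass
class Finding:
    kind: str
    path: str
    reasons: List[str]


def extract_path(kind: str, body: str) -> str:
    """Return the file an HJT line points at, or '' for line types we skip."""
    if kind == "O4":
        m = (re.search(r'\]\s+"([^"]+)"', body)                        # [name] "path" args
             or re.search(r"\]\s+(.+?\.(?:exe|dll|cpl|scr|com|bat|pif))(?=\s|$)", body, re.I)
             or re.search(r"\]\s+(\S+)", body)                         # [name] path-without-extension
             or re.search(r"\.lnk = (.+)$", body))                     # Startup: x.lnk = path
        path = m.group(1).strip() if m else ""
        if path.lower().endswith("rundll32.exe"):                      # rundll32 "x.dll",entry: the DLL is the payload
            dll = re.search(r'"([^"]+\.dll)"', body, re.I)
            if dll:
                path = dll.group(1)
        return path
    if kind in ("O2", "O3", "O20", "O23", "R3"):
        return body.rsplit(" - ", 1)[-1].strip()                       # last " - " field is the file
    return ""


def triage(line: str) -> Optional[Finding]:
    """Apply the review heuristics to one HJT line; None means nothing stood out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    path = extract_path(kind, body)
    low = path.lower()
    clean = re.sub(r"\s*\((?:no file|file missing)\)$", "", low)
    folder, _, base = clean.rpartition("\\")
    folder = folder + "\\" if folder else ""
    stem = base.rsplit(".", 1)[0]
    reasons: List[str] = []

    if "?" in path:
        reasons.append("non-ASCII character in path (HJT prints it as '?'): "
                       "look-alike of a system folder or file name")
    if any(mk in low for mk in PROFILE_MARKERS):
        reasons.append("autostart from a user-writable profile or temp directory")
    if kind == "O4" and HEX_BLOB.search(body):
        reasons.append("long hex token passed as argument (loader/config blob)")
    if kind == "O2" and "(no name)" in body:
        reasons.append("browser helper object with no name")
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: referenced file is missing")
    if kind == "O20":
        reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at every logon")
    if kind == "O23" and (" - - " in body or "unknown owner" in body.lower()):
        reasons.append("service with no vendor string")
    if "policies\\explorer\\run" in body.lower():
        reasons.append("Policies\\Explorer\\Run autostart: rarely used by legitimate software")
    if base in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        reasons.append("system process name outside System32")
    if folder in SYSTEM_DIRS and stem.isalpha() and CONSONANT_RUN.search(stem):
        reasons.append("random-looking file name directly in WINDOWS or System32")
    return Finding(kind, path, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage over a whole pasted log and keep only the flagged lines."""
    return [f for f in (triage(l) for l in text.splitlines()) if f]


# Lines copied from the two logs posted in this thread (9 of these 12 get flagged).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xhfduhlg.dll",realset
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\Program Files\Common Files\svchost.exe
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\qyvjsbvn.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.path}")
        for r in f.reasons:
            print("     -", r)
```

To use it on a real log, replace SAMPLE_LOG with the pasted text (or read the file) and review every flagged line by hand; the rules are deliberately loose, so treat them as a reading aid rather than a removal list.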
     
  3. scrapmom (Member)
  4. zedeutch (Member)
    Here's my log file - any suggestions?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:46:20 PM, on 6/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\qyvjsbvn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\avp.exe
    C:\Documents and Settings\All Users\Application Data\ihqhgrsh.exe
    C:\WINDOWS\smgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXYB4LER\HiJackThis_v2.0.0.0[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://comcast.net/comcast.html
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pgvcaaxj.dll
    O2 - BHO: (no name) - {A18D2E8F-3EC1-408F-BA4E-35829FD9B2DF} - C:\WINDOWS\system32\awtqn.dll
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\nnnoonm.dll
    O2 - BHO: (no name) - {F3CDEF9B-419B-4338-BD23-F7E5A05E2EA3} - C:\Program Files\Common Files\meroz83122.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [actfxivA] C:\WINDOWS\actfxivA.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwinoodt.exe CHD003
    O4 - HKLM\..\Run: [{54-40-0D-DD-ZN}] C:\windows\system32\nndsregr.exe CHD003
    O4 - HKLM\..\Run: [j86759] C:\WINDOWS\j86759
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [ihqhgrsh.exe] C:\Documents and Settings\All Users\Application Data\ihqhgrsh.exe
    O4 - HKLM\..\Run: [smgr] smgr.exe
    O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xhfduhlg.dll",realset
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Gua] "C:\Documents and Settings\Owner\Application Data\F?nts\s?chost.exe"
    O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\Program Files\Common Files\svchost.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096510223875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127783090328
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
    O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
    O20 - Winlogon Notify: nnnoonm - C:\WINDOWS\SYSTEM32\nnnoonm.dll
    O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\qyvjsbvn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\actfxiv.exe (file missing)
    O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtemehdowu.html

    --
    End of file - 9781 bytes


     
  5. scrapmom (Member)
    Ok, here is my new Hijack this log.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:54:07 PM, on 6/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\s?stem\?hkntfs.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 12044 bytes

    And here is the AVG log:


    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:44:43 PM 6/25/2007

    + Scan result:



    C:\Documents and Settings\moe\Desktop\backups\backup-20070625-131233-178.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\xmlhelper.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003984.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP8\A0003868.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\WinPop\winpop.exe -> Adware.Rond : Cleaned with backup (quarantined).
    C:\WINDOWS\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\WINDOWS\b138.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003925.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0004013.exe -> Backdoor.VB.kb : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003922.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP6\A0002290.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\2.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    C:\54.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003981.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002173.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003923.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003898.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003901.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\zokq\zokqd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003899.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003897.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
    C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003900.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
    C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
    C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
    C:\Documents and Settings\moe\Cookies\moe@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\moe\Cookies\moe@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\moe\Cookies\moe@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP8\A0003872.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wnstsisv32.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002082.exe -> Trojan.Small.mi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002108.exe -> Trojan.Small.mi : Cleaned with backup (quarantined).
    C:\Program Files\WinPop\UnInstall.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).


    ::Report end


     
  6. Etzo

    Etzo Regular member

    @zedeutch

    Make a new thread for your log.
    ==================

    @scrapmom

    Good, but PurityScan is still there...

    We can try to remove it manually:

    * Click Start
    * Click Control Panel
    * Double-click Add or Remove Programs
    * Find and remove these programs if found:

    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    anything with Oin or Outerinfo
    Zolero
    Tizzletalk
    MediaTickets
    Cowabanga


    After that remove this folder:

    C:\Program Files\PurityScan

    Download and Run ComboFix

    * Download this file from either of the two below listed places :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    * Then double click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Post a fresh HijackThis log and ComboFix's log, please.
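The conclusion above ("PurityScan is still there") comes from reading the HijackThis log by hand: the `O4` entry whose path contains `?` placeholders (HijackThis prints non-ASCII look-alike characters as `?`), the `O23` services with "Unknown owner" and "(file missing)", and the `O24` Active Desktop component. The following Python script is an added example, not part of this thread or of HijackThis/ComboFix, that applies those same checks to log lines so a helper can spot the leftovers quickly. The heuristics, the function names and the `Finding` type are my own; the sample lines are copied from the logs posted in this thread, plus two clean entries for contrast.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis logs posted in this
# thread (the Cluc O4 entry, the two orphaned O23 services, the O24 component)
# together with two ordinary vendor entries that should not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\actfxiv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtemehdowu.html
"""

# A HijackThis line starts with a section tag (R0, R1, O2, O4, O23, ...).
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First Windows path in the entry, up to a common file extension.
PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|scr|com|html?))', re.IGNORECASE
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(body: str):
    """Return the first file path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group("path") if m else None


def triage_line(line: str):
    """Apply the hand-review heuristics to one HijackThis line."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings = []

    path = extract_path(body)
    # HijackThis renders non-ASCII characters in paths as '?'; a '?' can never
    # be part of a real Windows path, so it marks a look-alike folder name.
    if path and ("?" in path or any(ord(c) > 127 for c in path)):
        findings.append(Finding(section, "placeholder/non-ASCII characters in path", line))

    if section == "O23":
        # An orphaned service whose binary is gone is a leftover to clean up.
        if "(file missing)" in body:
            findings.append(Finding(section, "service binary is missing", line))
        # No vendor information embedded in the binary.
        if "Unknown owner" in body:
            findings.append(Finding(section, "service has no known owner", line))

    if section == "O24":
        # Active Desktop components are rarely set by the user; review them.
        findings.append(Finding(section, "Active Desktop component present", line))

    return findings


def triage_log(text: str):
    """Run triage over a whole log and return every finding."""
    return [f for ln in text.splitlines() for f in triage_line(ln)]


def flagged_lines(text: str):
    """Distinct log lines that produced at least one finding, in log order."""
    seen = []
    for f in triage_log(text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<45} {f.line}")
```

On the sample, the two Synaptics and HP entries produce nothing, while the `s?stem` run key, both orphaned services and the desktop component are reported; the same rules applied to the full log above single out exactly the entries a reviewer would ask to have fixed.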
     
  7. scrapmom

    scrapmom Member

    "moe" - 2007-06-26 10:37:08 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\moe\MYDOCU~1.\ecurit~1
    C:\DOCUME~1\moe\MYDOCU~1.\fnts~1
    C:\DOCUME~1\moe\MYDOCU~1.\fnts~1\dvdplay.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\sstem~1
    C:\Program Files\sstem~1\?hkntfs.exe
    C:\Program Files\winpop
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\core


    ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


    2007-06-26 10:36 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-25 12:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-23 00:04 <DIR> d-------- C:\Program Files\Includes
    2007-06-23 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-22 23:43 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-22 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-22 23:38 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2007-06-22 23:38 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2007-06-22 23:38 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2007-06-22 23:38 <DIR> d-------- C:\Program Files\Sygate
    2007-06-22 08:18 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2007-06-22 08:18 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Sammsoft
    2007-06-22 00:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-06-21 23:37 0 -rahs---- C:\MSDOS.SYS
    2007-06-21 23:37 0 -rahs---- C:\IO.SYS
    2007-06-21 23:37 <DIR> d-------- C:\DOCUME~1\moe\WINDOWS
    2007-06-19 22:38 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-06-19 21:29 23,040 --------- C:\WINDOWS\kb913800.exe
    2007-06-19 21:01 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\2Wire
    2007-06-19 20:53 <DIR> d-------- C:\Program Files\2Wire Wireless Manager
    2007-06-19 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2Wire
    2007-06-19 20:38 <DIR> d-------- C:\Program Files\QwestQuickNetworking
    2007-06-19 09:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
    2007-06-18 15:27 <DIR> d-------- C:\Program Files\WinTouch
    2007-06-18 15:01 <DIR> d-------- C:\WINDOWS\zokq
    2007-06-18 15:01 <DIR> d-------- C:\Program Files\Common Files\zokq
    2007-06-18 14:10 176,085 --a------ C:\WINDOWS\b129.exe.bin
    2007-06-18 09:55 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-16 16:48 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Google
    2007-06-16 15:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-16 12:05 <DIR> d-------- C:\Program Files\MySpace
    2007-06-16 12:05 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\MySpace
    2007-06-15 23:18 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-06-15 23:18 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-06-15 23:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-06-15 23:18 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Leadertech
    2007-06-15 22:56 <DIR> d-------- C:\Programme
    2007-06-15 22:35 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Walgreens
    2007-06-15 18:06 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\MSNInstaller
    2007-06-14 20:36 <DIR> d--h----- C:\Program Files\Zero G Registry
    2007-06-14 20:36 <DIR> d-------- C:\Program Files\Coupon Sense
    2007-06-14 20:23 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\AdobeUM
    2007-06-14 12:49 <DIR> d-------- C:\WINDOWS\AllVantage
    2007-06-14 12:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-14 10:03 <DIR> d--hs---- C:\RECYCLER
    2007-06-14 09:40 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2007-06-14 09:40 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2007-06-14 09:40 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-06-14 09:40 <DIR> d-------- C:\Program Files\Real
    2007-06-14 09:40 <DIR> d-------- C:\Program Files\QuickTime
    2007-06-14 09:40 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2007-06-14 09:40 <DIR> d-------- C:\My Music
    2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\You've Got Pictures Screensaver
    2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\AOL
    2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2007-06-14 09:39 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
    2007-06-14 09:39 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
    2007-06-14 09:39 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
    2007-06-14 09:39 <DIR> d-------- C:\Program Files\Viewpoint
    2007-06-14 09:39 <DIR> d-------- C:\Program Files\Pure Networks
    2007-06-14 09:39 <DIR> d-------- C:\Program Files\Common Files\Real
    2007-06-14 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-06-14 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
    2007-06-14 09:38 335 --a------ C:\WINDOWS\nsreg.dat
    2007-06-14 09:38 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
    2007-06-14 09:38 <DIR> d-------- C:\Program Files\Common Files\AOL
    2007-06-14 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-06-13 20:35 <DIR> d-------- C:\DOCUME~1\moe\Shared
    2007-06-13 20:35 <DIR> d-------- C:\DOCUME~1\moe\Incomplete
    2007-06-13 20:28 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\LimeWire
    2007-06-13 18:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
    2007-06-13 17:28 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Yahoo!
    2007-06-13 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-06-13 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-06-13 17:16 143,360 --a------ C:\WINDOWS\GTRemove.exe
    2007-06-13 17:16 <DIR> d-------- C:\Program Files\Qwest
    2007-06-13 17:16 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2007-06-13 17:16 <DIR> d-------- C:\Program Files\Actiontec
    2007-06-13 17:16 <DIR> d-------- C:\Program Files\2Wire_USB_Drivers
    2007-06-13 17:15 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\InstallShield
    2007-06-13 09:14 <DIR> d-------- C:\Program Files\Yahoo!
    2007-06-13 08:03 8,704 --a------ C:\WINDOWS\system32\fxsperf.dll
    2007-06-13 08:03 72,192 --a------ C:\WINDOWS\system32\fxscom.dll
    2007-06-13 08:03 6,656 --a------ C:\WINDOWS\system32\fxsres.dll
    2007-06-13 08:03 562,176 --a------ C:\WINDOWS\system32\fxsst.dll
    2007-06-13 08:03 55,296 --a------ C:\WINDOWS\system32\fxsevent.dll
    2007-06-13 08:03 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
    2007-06-13 08:03 400,384 --a------ C:\WINDOWS\system32\fxsxp32.dll
    2007-06-13 08:03 397,312 --a------ C:\WINDOWS\system32\fxstiff.dll
    2007-06-13 08:03 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
    2007-06-13 08:03 285,184 --a------ C:\WINDOWS\system32\fxscomex.dll
    2007-06-13 08:03 27,136 --a------ C:\WINDOWS\system32\fxsdrv.dll
    2007-06-13 08:03 267,776 --a------ C:\WINDOWS\system32\fxssvc.exe
    2007-06-13 08:03 246,272 --a------ C:\WINDOWS\system32\fxst30.dll
    2007-06-13 08:03 23,552 --a------ C:\WINDOWS\system32\fxsmon.dll
    2007-06-13 08:03 23,552 --a------ C:\WINDOWS\system32\fxsext32.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-26 03:44:39 -------- d-----w C:\Program Files\DIGStream
    2007-06-17 20:37:36 -------- d-----w C:\Program Files\Google
    2007-06-16 16:24:55 -------- d-----w C:\Program Files\WildTangent
    2007-06-14 00:16:55 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-13 14:44:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-06-13 07:54:27 -------- d-----w C:\Program Files\HPQ
    2007-06-12 20:48:40 -------- d-----w C:\Program Files\Windows Plus
    2007-06-12 20:48:36 -------- d-----w C:\Program Files\Windows NT
    2007-06-12 20:45:09 -------- d-----w C:\Program Files\Synaptics
    2007-06-12 20:45:09 -------- d-----w C:\Program Files\Symantec
    2007-06-12 20:45:05 -------- d-----w C:\Program Files\Sonic
    2007-06-12 20:44:15 -------- d-----w C:\Program Files\RGB
    2007-06-12 20:44:15 -------- d-----w C:\Program Files\Quickensetup
    2007-06-12 20:44:02 -------- d-----w C:\Program Files\Quicken
    2007-06-12 20:43:50 -------- d-----w C:\Program Files\Online Services
    2007-06-12 20:42:52 -------- d-----w C:\Program Files\Norton Internet Security
    2007-06-12 20:42:30 -------- d-----w C:\Program Files\Netscape
    2007-06-12 20:42:17 -------- d-----w C:\Program Files\muvee Technologies
    2007-06-12 20:42:17 -------- d-----w C:\Program Files\music_now
    2007-06-12 20:42:17 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-06-12 20:42:16 -------- d-----w C:\Program Files\MSN Encarta Plus
    2007-06-12 20:42:14 -------- d-----w C:\Program Files\Movie Maker
    2007-06-12 20:42:13 -------- d-----w C:\Program Files\Microsoft Works
    2007-06-12 20:41:43 -------- d-----w C:\Program Files\Microsoft Office Trial Wizard
    2007-06-12 20:41:41 -------- d-----w C:\Program Files\Microsoft Money 2006
    2007-06-12 20:41:27 -------- d-----w C:\Program Files\microsoft frontpage
    2007-06-12 20:41:27 -------- d-----w C:\Program Files\Messenger
    2007-06-12 20:41:01 -------- d-----w C:\Program Files\HP Rhapsody
    2007-06-12 20:40:55 -------- d-----w C:\Program Files\HP
    2007-06-12 20:40:03 -------- d-----w C:\Program Files\Hewlett-Packard
    2007-06-12 20:39:41 -------- d-----w C:\Program Files\GemMaster
    2007-06-12 20:39:38 -------- d-----w C:\Program Files\ESPNMotion
    2007-06-12 20:39:38 -------- d-----w C:\Program Files\EnglishOtto
    2007-06-12 20:39:35 -------- d-----w C:\Program Files\CONEXANT
    2007-06-12 20:39:35 -------- d-----w C:\Program Files\Common Files\TiVo Shared
    2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\SureThing Shared
    2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\SpeechEngines
    2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\Palo Alto Software
    2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\ODBC
    2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\muvee Technologies
    2007-06-12 20:38:50 -------- d-----w C:\Program Files\Common Files\MSSoap
    2007-06-12 20:38:44 -------- d-----w C:\Program Files\Common Files\LightScribe
    2007-06-12 20:38:38 -------- d-----w C:\Program Files\Common Files\Intuit
    2007-06-12 20:38:37 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-12 20:38:34 -------- d-----w C:\Program Files\Common Files\HP
    2007-06-12 20:38:30 -------- d-----w C:\Program Files\ATI Technologies
    2007-06-12 20:38:29 -------- d-----w C:\Program Files\AMD
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 14:39]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-06-18 15:57]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 13:33]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 07:25]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 22:05]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 13:50]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 07:27]
    "IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 05:33]
    "SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 23:59]
    "@"="" []
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 12:39]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 11:56]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
    "QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-06-14 09:40]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-14 09:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 22:22]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-04-27 13:04]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]
    "Cluc"="C:\Program Files\s?stem\?hkntfs.exe" []
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-16 15:07]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-03-23 11:45]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    *Newly Created Service* - COMHOST

    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
    %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

    Contents of the 'Scheduled Tasks' folder
    2007-06-23 07:00:30 C:\WINDOWS\tasks\At1.job
    2007-06-18 16:01:59 C:\WINDOWS\tasks\At10.job
    2007-06-26 17:00:01 C:\WINDOWS\tasks\At11.job
    2007-06-25 18:00:00 C:\WINDOWS\tasks\At12.job
    2007-06-21 19:00:30 C:\WINDOWS\tasks\At13.job
    2007-06-25 20:00:00 C:\WINDOWS\tasks\At14.job
    2007-06-24 21:00:10 C:\WINDOWS\tasks\At15.job
    2007-06-22 22:00:30 C:\WINDOWS\tasks\At16.job
    2007-06-23 23:00:02 C:\WINDOWS\tasks\At17.job
    2007-06-23 00:00:30 C:\WINDOWS\tasks\At18.job
    2007-06-26 01:00:00 C:\WINDOWS\tasks\At19.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At2.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At20.job
    2007-06-26 03:00:00 C:\WINDOWS\tasks\At21.job
    2007-06-26 04:00:00 C:\WINDOWS\tasks\At22.job
    2007-06-26 05:00:00 C:\WINDOWS\tasks\At23.job
    2007-06-24 06:00:00 C:\WINDOWS\tasks\At24.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At3.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At4.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At5.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At6.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At7.job
    2007-06-16 22:17:39 C:\WINDOWS\tasks\At8.job
    2007-06-22 15:00:30 C:\WINDOWS\tasks\At9.job
    2007-06-14 17:45:53 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2006-02-16 15:36:17 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 10:41:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-26 10:42:15 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-26 10:42

    --- E O F ---
     
  8. scrapmom

    scrapmom Member

    Joined:
    Apr 12, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    16
    Sorry, forgot to post the Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:06:38 AM, on 6/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\AllVantage\dunnow.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AA04DDC3-9BAA-41E4-BC52-6D4E64AEE11A}: NameServer = 205.171.3.65 205.171.2.65
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11619 bytes
     
  9. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    Run HijackThis
    Click on do a system scan only
    Place a checkmark next to these lines(if still present)

    O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"

    Then close all windows except Hijackthis and click Fix Checked

    Otherwise seems to be clean.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    * Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

    * Make your Internet Explorer more secure - This can be done by following these simple instructions:
    * From within Internet Explorer click on the Tools menu and then click on Options.
    * Click once on the Security tab.
    * Click once on the Internet icon so it becomes highlighted.
    * Click once on the Custom Level button.
    * Change the Download signed ActiveX controls to Prompt.
    * Change the Download unsigned ActiveX controls to Disable.
    * Change the Initialize and script ActiveX controls not marked as safe to Disable.
    * Change the Installation of desktop items to Prompt.
    * Change the Launching programs and files in an IFRAME to Prompt.
    * Change the Navigate sub-frames across different domains to Prompt.
    * When all these settings have been made, click on the OK button.
    * If it prompts you as to whether or not you want to save the settings, press the Yes button.
    * Next press the Apply button and then the OK button to exit the Internet Properties page.

    * Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources


    * Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


    * Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls


    * Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    * Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


    * Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware


    * Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware


    * Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety

    * IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    * MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    * Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
    * Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place

    Happy surfing and stay clean!
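As an added example (not from the thread and not HijackThis's own code), here is a small triage script that applies the check Etzo made by eye to O4 autostart lines: it flags the [Cluc] entry because its path contains characters HijackThis could not display (printed as `?`) and because `s?stem` reads as a look-alike of a trusted folder name. The sample lines are constructed from the shapes in the log above, and the trusted-folder list is an assumption.

```python
"""Flag suspicious HijackThis O4 autostart entries (added example)."""
import re
from fnmatch import fnmatchcase

# Folder names malware likes to imitate (assumption: short illustrative list).
TRUSTED_FOLDER_NAMES = {"system", "system32", "windows", "program files"}

# Registry Run entries:  O4 - HKCU\..\Run: [Name] <command>
O4_REG = re.compile(r'^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Startup-folder entries:  O4 - Startup: Foo.lnk = <path>
O4_LNK = re.compile(r'^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$')
EXE_END = re.compile(r'^(.*?\.exe)', re.IGNORECASE)


def extract_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command string.

    Quoted paths end at the closing quote; unquoted ones end at the first
    '.exe' (HijackThis prints arguments and "(User ...)" after it).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_END.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_o4(line: str):
    """Return (location, entry name, exe path) for an O4 line, else None."""
    m = O4_REG.match(line) or O4_LNK.match(line)
    if not m:
        return None
    return m.group("loc"), m.group("name"), extract_path(m.group("cmd"))


def suspicious_reasons(path: str) -> list:
    """Heuristics a helper applies when eyeballing an autostart path."""
    reasons = []
    components = [c for c in path.replace("/", "\\").split("\\") if c]
    # HijackThis prints '?' for characters it cannot display, so a '?' in a
    # path means the folder or file name contains non-ASCII characters.
    if "?" in path:
        reasons.append("non-ASCII character(s) in path, shown as '?'")
    # A folder that matches a trusted name only when the undisplayable
    # characters are treated as wildcards is a look-alike (s?stem vs system).
    for comp in components[:-1]:
        low = comp.lower()
        if "?" in low and any(fnmatchcase(t, low) for t in TRUSTED_FOLDER_NAMES):
            reasons.append(f"folder '{comp}' mimics a trusted folder name")
    return reasons


def triage(log_lines) -> dict:
    """Map each suspicious O4 entry name to the reasons it was flagged."""
    flagged = {}
    for line in log_lines:
        parsed = parse_o4(line.strip())
        if parsed is None:
            continue
        _loc, name, path = parsed
        reasons = suspicious_reasons(path)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: line shapes copied from the thread's HijackThis log.
SAMPLE_LOG = [
    'O4 - HKLM\\..\\Run: [ATIPTA] "C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"',
    'O4 - HKLM\\..\\Run: [QUICKCARE] C:\\Program Files\\Qwest\\QuickCare\\bin\\sprtcmd.exe /P QUICKCARE',
    'O4 - HKCU\\..\\Run: [Cluc] "C:\\Program Files\\s?stem\\?hkntfs.exe"',
    "O4 - HKUS\\S-1-5-18\\..\\Run: [MySpaceIM] C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe (User 'SYSTEM')",
    "O4 - Startup: LimeWire On Startup.lnk = C:\\Documents and Settings\\moe\\My Documents\\My Music\\LimeWire\\LimeWire.exe",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"[{entry}] -> " + "; ".join(why))
```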
     
  10. scrapmom

    scrapmom Member

    Joined:
    Apr 12, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    16
    Got it! Thanks. What exactly was I infected with?
     
  11. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    You had PurityScan and Trojans.

    Please do that enable/disable System Restore step, because your System Restore is full of those viruses.
     
