• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
Remmdogg

Hijackthis log for a superslow computer

17 posts in this topic

Hi, I hope someone can help me fix this poor computer.

 

 

 

 

PandaScan:

 

Incident Status Location

 

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt

Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe

Adware:Adware/PestTrap Not disinfected C:\nj.exe

Adware:Adware/Weirdontheweb Not disinfected C:\Program Files\ItBill\itbill.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\api.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\DownloadManager.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\insdl.dll

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\MediaPipe.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\MPTray.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\MPUpdate.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\p2pinst.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\p2pl.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\register.dll

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\MediaPipe\uninst.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\p2pnetworks\mpp2pl.exe

Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\p2pnetworks\p2pnetworks.exe

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\SysProtect\flfxr15.dll

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect\FRec.dll

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect\FWraper.dll

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect\FxCore.dll

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\SysProtect\Install.exe

Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Program Files\SysProtect\InstHelp.exe

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\SysProtect\support.exe

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\SysProtect\Updater.exe

Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Program Files\SystemDoctor 2006\updater.exe

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp\Update\Distribution.dll.050

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp\Update\Music.dll.025

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp\Update\Windows.dll.076

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp

Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp

Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp

Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp

Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp

Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\system32\df_kme.exe

Potentially unwanted tool:application/sysprotect Not disinfected C:\WINDOWS\system32\drivers\sscan.sys

Virus:Trj/Agent.CHF Disinfected C:\WINDOWS\system32\gebyayw.dll

Adware:adware/secure32 Not disinfected C:\WINDOWS\warnhp.html

Virus:Trj/AtlMonStealer.A Disinfected D:\do_work\hbsdvydx.exe

 

 

 

 

 

 

SmitFraudFix v2.65

 

Scan done at 17:23:04.46, Sat 07/01/2006

Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\warnhp.html Deleted

C:\Documents and Settings\HP_Owner\Application Data\Install.dat Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:58:53 PM, on 7/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0718bd22-9a38-4394-8596-b05f5af33775} - C:\WINDOWS\system32\batenc.dll

O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\sstts.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [funk] funk.exe

O4 - HKLM\..\Run: [bikini] bikini.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151076878812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: batenc - C:\WINDOWS\SYSTEM32\batenc.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Share this post


Link to post
Share on other sites

Hi Remmdogg

 

Did you lose your other topic where you were getting help from miekiemoes?

 

Click here to follow it:

http://www.lavasoftsupport.com/index.php?showtopic=1387

 

And then place that URL into your favorites so you can find it again

 

Keep your replies in that thread, so we don't all get confused or duplicate efforts

 

Thanks for your cooperation.

Share this post


Link to post
Share on other sites

Actually this is a seperate computer I'm working on now. Meikiemoes asked me to start a new thread for this computer being that it's a new set of logs.

Share this post


Link to post
Share on other sites
Actually this is a seperate computer I'm working on now. Meikiemoes asked me to start a new thread for this computer being that it's a new set of logs.
Ah, ok. :) It helps to know that otherwise, we think it is just a poster who is lost and posting multiple threads for the same problem.

 

I need to see another report from HijackThis. Instead scan, choose *Open Misc Tools Section*

Then choose *Open Uninstall Manager*

This will make a list of installed programs.

When it finishes, press the *Save List* button

Copy and paste the results of that List back here please.

Share this post


Link to post
Share on other sites

:blush:Sorry about that. But thanks for letting me know! :) I'll remember that for another old computer I used to have. I :D ya'll!!!! I'd love to learn how to do this...

 

 

 

Anyhoo, Here's the results:

 

Ad-Aware SE Personal

Adobe Acrobat - Reader 6.0.2 Update

Adobe Reader 6.0.1

Adobe Reader 7.0

Agere Systems PCI Soft Modem

AOL Uninstaller (Choose which Products to Remove)

CC_ccProxyMSI

CC_ccStart

ccCommon

Easy Internet Sign-up

Help and Support Additions

High Definition Audio Driver Package - KB835221

Hijackthis 1.99.1

HijackThis 1.99.1

Hotfix for Windows XP (KB896344)

HP Deskjet Preloaded Printer Drivers

HP Image Zone 4.2

HP Image Zone Plus 4.2

HP Organize

HP Photo & Imaging 3.5 - HP Devices

HP PSC & OfficeJet 4.0

HP Software Update

HPIZ402

IntelliMover Data Transfer Demo

Internet Worm Protection

InterVideo WinDVD Creator 2

InterVideo WinDVD Player

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

KBD

LiveReg (Symantec Corporation)

LiveUpdate 3.0 (Symantec Corporation)

Logitech Desktop Messenger

Logitech Print Service

Logitech QuickCam

Logitech® Camera Driver

MediaPipe

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft .NET Framework 2.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Plus! Dancer LE

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Works 7.0

MSN

MSN Messenger 7.5

MSRedist

muvee autoProducer 3.5 magicMoments - HPD

Norton AntiVirus 2005

Norton AntiVirus 2005 (Symantec Corporation)

Norton AntiVirus Help

Norton AntiVirus Parent MSI

Norton AntiVirus SYMLT MSI

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Personal Firewall

Norton Personal Firewall (Symantec Corporation)

Norton Security Center

Norton WMI Update

Norton WMI Update

p2pnetworks

Panda ActiveScan

PC-Doctor for Windows

Photosmart 320,370,7400,8100,8400 Series

PS2

QuickTime

RealPlayer

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Software Jukebox 2.0 NA-01D

Sonic RecordNow!

SPBBC

Symantec

Symantec Script Blocking Installer

SymNet

SysProtect 1.3.144.1

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Updates from HP

VIA Rhine-Family Fast Ethernet Adapter

VIA/S3G Display Driver

Viewpoint Media Player

Windows Installer 3.1 (KB893803)

Windows Media Connect

Windows Media Format Runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! Anti-Spy

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Share this post


Link to post
Share on other sites

Ok! Thanks! That helps.

 

First, go to Add/Remove programs in the Control Panel.

 

For each of the following, click on the program name and press *remove*

 

Java 2 Runtime Environment, SE v1.4.2_03 **

 

MediaPipe

 

p2pnetworks

 

SysProtect 1.3.144.1

 

**Note: That one is not malware, but that is an outdated vulnerable version of Sun Java that poses a security risk. It needs to be removed manually and then get the latest up to date version of Sun Java here:

http://www.java.com/en/download/manual.jsp

 

When done removing those programs, reboot your computer. Then run this free tool to remove Vundo:

 

Please download VundoFix.exe to your desktop.

 

double-click *VundoFix.exe* to run it.

- Put a check next to *Run VundoFix as a task*.

- You will receive a message saying vundofix will close and re-open in a minute or less. Click *OK*

- When VundoFix re-opens, click the *Scan for Vundo* button.

- Once it's done scanning, click the *Remove Vundo* button.

- You will receive a prompt asking if you want to remove the files, click *YES*

- Once you click yes, your desktop will go blank as it starts removing Vundo.

- When completed, it will prompt that it will shutdown your computer, click *OK*.

- Turn your computer back on.

- Please post the contents of C:\vundofix.txt into your next reply

 

Please scan once more with HijackThis and post a fresh log.

Share this post


Link to post
Share on other sites

Here we are.

 

 

VundoFix V4.2.84

 

Running as SYSTEM

from c:\windows\system32\VundoFix.exe

 

Checking Java version...

 

Java version is 1.5.0.7

 

Scan started at 4:20:16 PM 7/3/2006

 

Listing files found while scanning....

 

C:\WINDOWS\system32\sstts.dll

C:\WINDOWS\system32\sttss.ini

C:\WINDOWS\system32\sttss.bak1

C:\WINDOWS\system32\sttss.bak2

C:\WINDOWS\system32\sttss.ini2

C:\WINDOWS\system32\sttss.tmp

 

C:\WINDOWS\system32\sttss.bak1

C:\WINDOWS\system32\sttss.bak2

C:\WINDOWS\system32\sttss.tmp

C:\WINDOWS\system32\sttss.ini

C:\WINDOWS\system32\sttss.ini2

C:\WINDOWS\system32\sstts.dll

C:\WINDOWS\system32\sttss.ini2

C:\WINDOWS\system32\sttss.bak2

C:\WINDOWS\system32\sttss.tmp

C:\WINDOWS\system32\sttss.ini

C:\WINDOWS\system32\sttss.ini2

C:\WINDOWS\system32\sstts.dll

Attempting to delete C:\WINDOWS\system32\sstts.dll

C:\WINDOWS\system32\sstts.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sttss.ini

C:\WINDOWS\system32\sttss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sttss.bak1

C:\WINDOWS\system32\sttss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sttss.bak2

C:\WINDOWS\system32\sttss.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sttss.ini2

C:\WINDOWS\system32\sttss.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sttss.tmp

C:\WINDOWS\system32\sttss.tmp Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 4:34:32 PM, on 7/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0718bd22-9a38-4394-8596-b05f5af33775} - C:\WINDOWS\system32\batenc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [funk] funk.exe

O4 - HKLM\..\Run: [bikini] bikini.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151076878812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: batenc - C:\WINDOWS\SYSTEM32\batenc.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Share this post


Link to post
Share on other sites

Good job so far! There is more to do.

 

There is a file on there I need to examine more closely.

 

Go here to upload the file as an attachment

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press new topic (Make the subject: For CalamityJane from Remmdogg at LS ),

fill in a short message & then press the browse button and then navigate to & select the file on your computer, then press the *Post* button to upload the file

 

Files to upload:

 

C:\WINDOWS\system32\batenc.dll

 

(Do not post HJT logs there as they will not get dealt with)

 

You DO NOT need to be a member to upload, anybody can upload the files

 

You will not see the file after it has been uploaded as they only show to the authorized users who can download them. I will collect it from there and reply back to you here in this topic :)

Share this post


Link to post
Share on other sites

I got your file. It is trojan conhook.aa. Ewido's Anti-Trojan detection can remove this

 

1. Download, install, and update Ewido AntiSpyware(get the free trial version)

http://www.ewido.net/en/download/

 

a. Install Ewido AntiSpyware

 

b. Launch Ewido, there should be a Orange Ewido icon on your desktop, double-click it.

 

c. The program will prompt you to update click the OK button

 

d. The program will now go to the main screen

 

e. At the top of the main screen click on *Update*

 

f. Click on Start. The update will start and a progress bar will show the updates being installed.

 

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

 

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).

You will still be able to manually update Ewido using the *update* button :)

 

2. Review, then save or printout the rest of these instructions so you have them handy since we'll do these steps in SAFE MODE and you won't be able to see this window.

 

3. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

4. Once in safe mode, start Ewido

 

a. Click on scanner

 

b. Click on *complete system scan*

 

c. Let the program scan the machine.

 

(If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive)

 

d. When the scan is done you will see a list of infected objects (if any found) At the bottom of the list, Please click on "recommended action"/and choose to Set all Elements to quarantine

EwidoSetAllElementsQuarantine.gif

 

Then click on *apply to all actions* button

EwidoApplyAllActions.gif

 

Now Ewido will begin to clean all those infected files in the list.

 

When it's done, you will then see a message in green letters that says "all actions have been applied"

 

5. At that point, then press the *Save Report*

 

6. Reboot back into normalmode

 

7. Post the results from the Ewido report back here.

Share this post


Link to post
Share on other sites

I was wondering if I should have deleted the cookies.

 

 

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 7:42:37 PM 7/3/2006

 

+ Scan result:

 

 

 

HKU\S-1-5-21-351990485-1994869247-3693449334-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).

HKU\S-1-5-21-351990485-1994869247-3693449334-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84} -> Adware.SysProtect : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).

C:\WINDOWS\system32\batenc.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).

[216] C:\WINDOWS\system32\batenc.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).

[784] C:\WINDOWS\system32\batenc.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).

C:\WINDOWS\system32\jkhfe.exe -> Downloader.ConHook.ab : Cleaned with backup (quarantined).

C:\nj.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).

C:\WINDOWS\system32\gaxbdhhq.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\WINDOWS\system32\qeuksxpi.dll -> Logger.VBStat.c : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> TrackingCookie.Bfast : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

 

 

::Report end

Share this post


Link to post
Share on other sites

You can delete anything you like from quarantine. Cleaned and backup in quarantine is just in case you need or want to restore something that maybe should not have been deleted.

 

Could you scan once more with HijackThis and post a new log please?

Share this post


Link to post
Share on other sites

Thanks.

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:21:19 AM, on 7/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0718bd22-9a38-4394-8596-b05f5af33775} - C:\WINDOWS\system32\batenc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [funk] funk.exe

O4 - HKLM\..\Run: [bikini] bikini.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151076878812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: batenc - batenc.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Share this post


Link to post
Share on other sites

Open HijackThis and do a *scan only*

When it finishes, place a checkmark next to these entries, then press the *fix checked* button

 

O2 - BHO: (no name) - {0718bd22-9a38-4394-8596-b05f5af33775} - C:\WINDOWS\system32\batenc.dll (file missing)

 

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

 

O4 - HKLM\..\Run: [funk] funk.exe

 

O4 - HKLM\..\Run: [bikini] bikini.exe

 

O20 - Winlogon Notify: batenc - batenc.dll (file missing)

.........

Delete the following files and folder (if found)

 

C:\Program Files\p2pnetworks (folder)

 

funk.exe (file)

 

bikini.exe (file)

 

Reboot your computer.

 

Scan once more with HijackThis and post a fresh log. Hopefully it will be a clean one :o

Share this post


Link to post
Share on other sites

Phew. Hopefully we're clean.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 3:29:57 PM, on 7/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136671762\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151076878812

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Share this post


Link to post
Share on other sites

Looks good Remmdogg! :D

 

Some final cleanup and prevention recomendations follow.

 

Followup with a Full System Scan with Ad-Aware SE

Please can you make sure that you are using

Ad-aware SE Build 106r1

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

 

[if not Uninstall your old Ad-aware first then install SE]

Then use the WebUpDate

to get the latest Definition file

SE1R113 28.06.2006

To do this Open Ad-aware

Click the WebUpDate

button at the top right hand side of the Ad-aware screen (The world globe).

Click "Connect"

Ad-aware will then download the latest Definition file for you.

To make sure it is updated , look at the main

Ad-aware screen, and look under "Initialization Status"

It should say the Latest Definition file.

then scan doing a "Full Scan"

 

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr

Wait while Windows scans your system for files to delete.

Make sure these 3 are checkmarked and press *ok* to delete them.

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

 

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

 

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

Windows Update

http://update.microsoft.com/microsoftupdate/

 

And see this link for instructions on how to configure the enhanced security features in SP2:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

 

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:

Microsoft Baseline Security Analyzer

http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

 

Also visit this Free Online Scanner from Microsoft for PC Health and Safety

http://safety.live.com/site/en-US/default.htm

and Microsoft Security At Home

http://www.microsoft.com/athome/security/default.mspx

for tips to Protect your Pc, Protect yourself and Protect your Family.

Share this post


Link to post
Share on other sites

THank you so much. It's fun how this computer was liberated today: The fourth of July.

 

Well I can't say enough the gratitude my friends share.

 

Peaceand love to you and yours.

Share this post


Link to post
Share on other sites

You're quite welcome. Glad we could help :D

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0