Tech Support Forum - View Single Post

Rockfish · 02-25-2006, 05:46 PM

Thanks for your help, it seems to run a lot better.

I did not find either of these files

* C:\Documents and Settings\Administrator\Application Data\T?sks\
C:\Program Files\uphl\

Here are the new logs. Please let me know if there is anything else I can do. Thank you so much.
Cheryl

Logfile of HijackThis v1.99.1
Scan saved at 6:42:28 PM, on 2/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\HPINST~1\Pavilion\XPENABF3EN\plugin\bin\pchbutton.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABF3EN\plugin\bin\pchbutton.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128178116421
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6F63B8F-C6FC-4D39-A492-9BF2628ED490}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:50:20 PM, 2/25/2006
+ Report-Checksum: B9E4F8C0

+ Scan result:

HKU\S-1-5-21-2807826083-847354008-2869748782-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\Recovery\OffshoreClicks.zip/owner@php.offshoreclicks[2].txt -> TrackingCookie.Offshoreclicks : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup

::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, February 25, 2006 18:40:42
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/02/2006
Kaspersky Anti-Virus database records: 178652
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 113823
Number of viruses found: 10
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 5457 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.f
C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP204\A0025318.exe Infected: Trojan-Dropper.Win32.Agent.aiq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP204\A0025319.exe Infected: Trojan-Dropper.Win32.Agent.aiq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025375.exe Infected: Trojan-Dropper.Win32.PurityScan.ad
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025376.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025429.exe Infected: Trojan-Downloader.Win32.PurityScan.bu
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025430.dll Infected: Trojan-Downloader.Win32.IstBar.eq
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025447.exe Infected: Trojan-Dropper.Win32.PurityScan.ad
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025448.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025495.exe Infected: Trojan-Downloader.Win32.PurityScan.bu
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025497.exe Infected: Trojan-Dropper.Win32.PurityScan.ad
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025498.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025499.dll Infected: Trojan-Clicker.Win32.Small.kb
C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025719.dll Infected: Trojan-Downloader.Win32.IstBar.eq

Scan process completed.

02-25-2006, 05:46 PM	#3 (permalink)
Rockfish Registered User Join Date: Feb 2006 Posts: 4 OS: xp	Thanks for your help, it seems to run a lot better. I did not find either of these files * C:\Documents and Settings\Administrator\Application Data\T?sks\ C:\Program Files\uphl\ Here are the new logs. Please let me know if there is anything else I can do. Thank you so much. Cheryl Logfile of HijackThis v1.99.1 Scan saved at 6:42:28 PM, on 2/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\MSMSGS.EXE C:\PROGRA~1\HPINST~1\Pavilion\XPENABF3EN\plugin\bin\pchbutton.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPENABF3EN\plugin\bin\pchbutton.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128178116421 O17 - HKLM\System\CCS\Services\Tcpip\..\{D6F63B8F-C6FC-4D39-A492-9BF2628ED490}: NameServer = 68.94.156.1 68.94.157.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 4:50:20 PM, 2/25/2006 + Report-Checksum: B9E4F8C0 + Scan result: HKU\S-1-5-21-2807826083-847354008-2869748782-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\Recovery\OffshoreClicks.zip/owner@php.offshoreclicks[2].txt -> TrackingCookie.Offshoreclicks : Cleaned with backup C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup ::Report End ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Saturday, February 25, 2006 18:40:42 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 26/02/2006 Kaspersky Anti-Virus database records: 178652 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 113823 Number of viruses found: 10 Number of infected objects: 21 Number of suspicious objects: 0 Duration of the scan process: 5457 sec Infected Object Name - Virus Name C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.f C:\Documents and Settings\Administrator\Desktop\stuff2\Spybot - Search & Destroy 1.1\bkn\BearShare\Installer\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP204\A0025318.exe Infected: Trojan-Dropper.Win32.Agent.aiq C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP204\A0025319.exe Infected: Trojan-Dropper.Win32.Agent.aiq C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025375.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025376.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025429.exe Infected: Trojan-Downloader.Win32.PurityScan.bu C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025430.dll Infected: Trojan-Downloader.Win32.IstBar.eq C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025447.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025448.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025495.exe Infected: Trojan-Downloader.Win32.PurityScan.bu C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025497.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025498.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025499.dll Infected: Trojan-Clicker.Win32.Small.kb C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP205\A0025719.dll Infected: Trojan-Downloader.Win32.IstBar.eq Scan process completed.