Tech Support Forum - View Single Post - Hello, can some one take a look at this hijackthis log file for me

kbnet56 · 10-05-2006, 10:16 AM

Ok, I did everything you said, included in this post is the AVG Antispyware log
the Panda Active Active scan log, a new Hijackthis log.

If you notice, I have been unable to delete:

O2 - BHO: (no name) - {D3153544-0F65-496C-8F40-8147612C91A8} - C:\WINDOWS\system32\lcp361.dll
O20 - Winlogon Notify: lcp361 - C:\WINDOWS\SYSTEM32\lcp361.dll
C:\WINDOWS\system32\lcp361.dll

When I go into Windows/system32 and manually try to delete lcp361.dll it won't delete. It says it
is being used by another person or program. I have tried to delete it from a clean boot where no programs
but basic system programs load.. to no avail. I have tried to delete it in safemode to no avail.

What my computer is doing is for no apparent reason, I do not even have to be surfing the net.. it will bring
up a full web page ad .. sometimes my speakers will just start playing some music with some advertisment like
a radio is on.. here are some of the urls of the pages that have popped up.. alot are in relation to spyware,
however.. some are totally unrelated:

http://www.winantivirus.com/download...soft&ex=1&ax=1

http://www.winantiviruspro.com/pages...d=http+com+nav

http://www.amaena.com/pastelblue/?mp...d=dn_kn_swmplx

http://70.87.13.78/ipd-cpv-adv-y-x9m.html

http://www.bizrate.com/search__cat_i...__sfsk--0.html

Here are the logs you requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:12:29 AM 10/5/2006

+ Scan result:

E:\Biz\Desktop2\Programs and Software\CAsino SoftWAre\casino tropez\SetupCasino.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3933A2D4-313C-CB82-3FF9-E9660D4850AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA0E41C6-7850-AD03-4758-F830E674D570} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0041682.dll -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP402\A0042816.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP402\A0042818.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042860.dll -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042862.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042863.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
D:\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
E:\Biz\Desktop2\Programs and Software\Euin Chia\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
E:\TrackthatAd\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8D60EBB-5565-4392-957B-7164BA087AD4} -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP388\A0042302.dll -> Downloader.ConHook.ah : Cleaned with backup (quarantined).
C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.

::Report end

Panda Active Scan Report

Incident Status Location

Adware:adware/sahagent Not disinfected c:\windows\system32\bqrufs5f.dat
Adware:adware/psic Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Start Menu\ClickMe.url
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Spyware:spyware/apropos Not disinfected c:\program files\SysAI
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@doubleclick[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@qksrv[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@stats1.reliablestats[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@trafficmp[1].txt
Adware:Adware/I-search.us Not disinfected C:\WINDOWS\ScrBlaze.scr
Potentially unwanted tool:Application/FunWeb Not disinfected D:\hijackthis\backups\backup-20061003-134315-836.inf

Logfile of HijackThis v1.99.1
Scan saved at 11:13:17 AM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: (no name) - {D3153544-0F65-496C-8F40-8147612C91A8} - C:\WINDOWS\system32\lcp361.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\drivers\NSW2005\NAV\EXTERNAL\NORTON\APP\NAVSHEXT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lcp361 - C:\WINDOWS\SYSTEM32\lcp361.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Merle Miller.D9DYK641\Desktop\CWShredder.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

10-05-2006, 10:16 AM	#5 (permalink)
kbnet56 Registered User Join Date: Sep 2006 Posts: 12 OS: xp	I did what you asked me.. somethings wouldnt delete Ok, I did everything you said, included in this post is the AVG Antispyware log the Panda Active Active scan log, a new Hijackthis log. If you notice, I have been unable to delete: O2 - BHO: (no name) - {D3153544-0F65-496C-8F40-8147612C91A8} - C:\WINDOWS\system32\lcp361.dll O20 - Winlogon Notify: lcp361 - C:\WINDOWS\SYSTEM32\lcp361.dll C:\WINDOWS\system32\lcp361.dll When I go into Windows/system32 and manually try to delete lcp361.dll it won't delete. It says it is being used by another person or program. I have tried to delete it from a clean boot where no programs but basic system programs load.. to no avail. I have tried to delete it in safemode to no avail. What my computer is doing is for no apparent reason, I do not even have to be surfing the net.. it will bring up a full web page ad .. sometimes my speakers will just start playing some music with some advertisment like a radio is on.. here are some of the urls of the pages that have popped up.. alot are in relation to spyware, however.. some are totally unrelated: http://www.winantivirus.com/download...soft&ex=1&ax=1 http://www.winantiviruspro.com/pages...d=http+com+nav http://www.amaena.com/pastelblue/?mp...d=dn_kn_swmplx http://70.87.13.78/ipd-cpv-adv-y-x9m.html http://www.bizrate.com/search__cat_i...__sfsk--0.html Here are the logs you requested: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 5:12:29 AM 10/5/2006 + Scan result: E:\Biz\Desktop2\Programs and Software\CAsino SoftWAre\casino tropez\SetupCasino.exe -> Adware.Casino : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\CLSID\{3933A2D4-313C-CB82-3FF9-E9660D4850AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined). HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA0E41C6-7850-AD03-4758-F830E674D570} -> Adware.CoolWebSearch : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0041682.dll -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP402\A0042816.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP402\A0042818.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042860.dll -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042862.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP405\A0042863.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). D:\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). E:\Biz\Desktop2\Programs and Software\Euin Chia\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). E:\TrackthatAd\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined). HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup (quarantined). HKU\S-1-5-21-1267699857-2275037637-1995648789-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8D60EBB-5565-4392-957B-7164BA087AD4} -> Adware.InstantBuzz : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP388\A0042302.dll -> Downloader.ConHook.ah : Cleaned with backup (quarantined). C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned. ::Report end Panda Active Scan Report Incident Status Location Adware:adware/sahagent Not disinfected c:\windows\system32\bqrufs5f.dat Adware:adware/psic Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Start Menu\ClickMe.url Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch Spyware:spyware/apropos Not disinfected c:\program files\SysAI Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@ad.yieldmanager[1].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@apmebf[1].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@as-us.falkag[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@atdmt[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@doubleclick[2].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@qksrv[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@stats1.reliablestats[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Merle Miller.D9DYK641\Cookies\merle miller@trafficmp[1].txt Adware:Adware/I-search.us Not disinfected C:\WINDOWS\ScrBlaze.scr Potentially unwanted tool:Application/FunWeb Not disinfected D:\hijackthis\backups\backup-20061003-134315-836.inf Logfile of HijackThis v1.99.1 Scan saved at 11:13:17 AM, on 10/5/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe D:\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\Explorer.EXE D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ O2 - BHO: (no name) - {D3153544-0F65-496C-8F40-8147612C91A8} - C:\WINDOWS\system32\lcp361.dll O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\drivers\NSW2005\NAV\EXTERNAL\NORTON\APP\NAVSHEXT.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: lcp361 - C:\WINDOWS\SYSTEM32\lcp361.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Merle Miller.D9DYK641\Desktop\CWShredder.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe