#1 (permalink)
Registered User
Join Date: Nov 2004
Posts: 62
OS: Win/XP

Cleaning up my system. HJT log inside.
Hello. My computer at present doesn't have SP2 on it due to extreme slowdown problems when I tried to update to SP2 so I figured I was on borrowed time before I had issues. Now AVG detected JS/Downloader agent and couldn't clean it so I began researching and found this site. I went through the 5 steps except I had a problem with the DSS running. It encountered a problem and had to close. So I sit here before you with limited knowledge of how all of this stuff works but I really like your step by step instructions. Here is my HiJack This log and some other scan right behind it. Let me know what I should do next.
Thanks in advance, Sandy

#3 (permalink)
Registered User
Join Date: Nov 2004
Posts: 62
OS: Win/XP

Re: Cleaning up my system. HJT log inside.
Not sure why others' posts keep getting attention and answers? I thought I followed the directions to get help by waiting the allotted time frame. My initial post was on 9-11-07 and it is 9-14-07. Will anyone help me?

#4 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,548
OS: Windows XP Pro

Re: Cleaning up my system. HJT log inside.
Hi and welcome to TSF.
Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding.
Ensure that there are no open browsers when carrying out the procedures below.
Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

I've got a few concerns about the following program. Below I've quoted what information the program collects. Do you really require this program? If not then I would recommend you uninstall it.

MarketBrowser Privacy Statement - http://www.marketbrowser.com/privacy.asp?limitted=yes

Quote:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

Please download Brute Force Uninstaller to your desktop.
Save it in the same folder you made earlier (c:\BFU). Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

--------------------------------------------------------------

Run Brute Force Uninstaller
Go to Start > My Computer and navigate to the C:\BFU folder.

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

Generate an Uninstall List
Please save a copy and paste the contents with your next reply.

--------------------------------------------------------------

Please reply back with the following logs:
C:\ComboFix.txt
Fresh HiJackThis Log
Uninstall List

#5 (permalink)
Registered User
Join Date: Nov 2004
Posts: 62
OS: Win/XP

O.K. I did the requested steps and I am about to post the logs but I have 1 new problem. Once I re-booted after being in safe mode, it took the administrator and made the only user the administrator and I lost the administrator desktop! I need that desktop back as it has all of my bookmarks etc on it. I do not want the user that is presently listed to have administrator privileges on his account also. (minor) Can you help me find out how to put the administrator back as the desktop and remove the present user's administrator privileges? Thanks in advance, Off to jury duty. Perhaps this will come back once I am totally finished? I couldn't even find this site for a while as it was bookmarked on my Explorer (administrator) homepage. I had to hunt and peck to find this site among all other tech forums.