Old 03-31-2006, 09:55 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 11
OS: WinXP


Help Needed!!!

I cannot get rid of popups from Adult Friend Finder and also some security ones advising me to download programs from varying sites. After being advised to run HJT, here is my log. Any help is GREATLY APPRECIATED!!

Logfile of HijackThis v1.99.1
Scan saved at 11:44:43 AM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unc.edu
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.unc.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\hgdaa.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/client/iftwclix.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/software/e...all/isetup.cab
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: hgdaa - C:\WINDOWS\system32\hgdaa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM AFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
uncamber is offline  
Old 03-31-2006, 11:17 AM   #2 (permalink)
Moderator, Microsoft Support
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Welcome to TSF

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
Please post that log in your next reply.
POADB is offline  
Old 03-31-2006, 11:41 PM   #3 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 11
OS: WinXP


Vundo Fix:

undoFix V4.2.43

Checking Java version...

Java version is 1.4.2.4

Scan started at 11:57:38 AM 3/31/2006

Listing files found while scanning....


C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\hgdaa.dll
Attempting to delete C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\hgdaa.dll Has been deleted!

Performing Repairs to the registry.
Done!

HJT Report:

Logfile of HijackThis v1.99.1
Scan saved at 1:41:05 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unc.edu
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.unc.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/client/iftwclix.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/software/e...all/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM AFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe



THANK YOU SOOO MUCH!
uncamber is offline  
Old 03-31-2006, 11:48 PM   #4 (permalink)
Moderator, Microsoft Support
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Hi. You're missing the Panda Online results.

Run HJT and fix this item:

O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\hgdaa.dll (file missing)


Please post the online scan results along with a NEW HJT log.
POADB is offline  
Old 04-01-2006, 07:59 AM   #5 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 11
OS: WinXP


Panda Scan Results:

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@hc2.humanclick[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@kmpads[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@maxserving[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www48.seeq[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[2].txt
uncamber is offline  
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@target[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www48.seeq[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[2].txt
uncamber is offline  
Old 04-01-2006, 10:34 AM   #7 (permalink)
Moderator, Microsoft Support
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and from the list on the main window, choose Select All.
  • Click the Empty Selected button.
Now select Firefox from the top, and then do the same again.
  • Click Exit on the Main menu to close the program.

I'll need you to run the Panda online scan again please, and post a new HJT log.
POADB is offline  
Old 04-01-2006, 11:53 AM   #8 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 11
OS: WinXP


Panda Scan:

Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:53:04 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unc.edu
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.unc.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/client/iftwclix.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/software/e...all/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM AFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
uncamber is offline  
Old 04-01-2006, 12:04 PM   #9 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

Just cookie files... delete all of them in this folder:

C:\Documents and Settings\Administrator\Cookies\

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

greyknight17 is offline  
Old 04-01-2006, 02:57 PM   #10 (permalink)
Registered User
 
Join Date: Mar 2006
Posts: 11
OS: WinXP


No more problems!! Thanks so much :)
uncamber is offline  
All times are GMT -7. The time now is 09:30 PM.


