Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Spyware Help Needed popups with IE

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Spyware Help Needed popups with IE

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 12-08-2007, 12:59 AM
Newbie
D-A-L Newbie
  
Join Date: May 2006
Posts: 12
jradams76 Is a beginner here at D-A-L
Spyware Help Needed popups with IE
Hi, I'm running Windows XP Home edition and recently had problems with a lot of popups happening. This has slowed my computer to a standstill and is making it impossible to surf the internet. I have downloaded Search and Destroy along with using AVG as a virus scanner. I have ran both of these applications and it has cleared over 80 cookies and trojans that were installed. I'm continuing to expierence the popup issues. I friend recommended me to this site to help me. I downloaded hijackthis and have posted my log below. Any help is appreciated!

Thanks

Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:47 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\eqnhdxxq.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\?ecurity\s?oolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [runner1] "C:\WINDOWS\retadpu77.exe" 61A847B5BBF72815358B2B27128065E9C084320161C4661227 A755E9C2933154389A
O4 - HKLM\..\Run: [{00-02-2A-AA-ZN}] "C:\windows\system32\ljdsregm.exe" SKY009
O4 - HKLM\..\Run: [SystemOptimizer] "rundll32.exe" "C:\WINDOWS\system32\nmuhynmr.dll",forkonce
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Enq] C:\WINDOWS\system32\?ecurity\s?oolsv.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\eqnhdxxq.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Real\profsywuy.html

--
End of file - 14309 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 12-08-2007, 11:45 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Spyware Help Needed popups with IE
You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
  • Create a new folder in your C: Drive.
  • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and
  • Move the HijackThis.exe file into the newly created FOLDER.
  • Rename (right click) HijackThis file (since some infections hide from that specific program name) to mw_scan or some other name.
  • Run HJT from there (and revise your shortcut accordingly).




Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.





Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it’s running. That may cause it to stall




Let us see/review what is loaded on your PC:
  • Run HijackThis and Click Open the Misc Tools section button.
  • Then click the Open Uninstall Manager… button.
  • Click the Save list… button. Save uninstall_list to your desktop.

  • Open the Uninstall list file and post in your next reply, please.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 12-08-2007, 04:38 PM
Newbie
D-A-L Newbie
  
Join Date: May 2006
Posts: 12
jradams76 Is a beginner here at D-A-L
Re: Spyware Help Needed popups with IE
Hi thanks for the reply. I have posted the 3 log files below:

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:03:46 AM 8/12/2007

Listing files found while scanning....

C:\windows\system32\ddcdccd.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gfiilbsg.dll
C:\windows\system32\ixltlnfu.ini
C:\windows\system32\mljjhih.dll
C:\windows\system32\nmuhynmr.dll
C:\windows\system32\rmnyhumn.ini
C:\windows\system32\rmnyhumn.ini2
C:\windows\system32\rmnyhumn.tmp
C:\windows\system32\ufnltlxi.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.tmp
rundll32.exe

Beginning removal...

Attempting to delete C:\windows\system32\ddcdccd.dll
C:\windows\system32\ddcdccd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Has been deleted!

Attempting to delete C:\windows\system32\ixltlnfu.ini
C:\windows\system32\ixltlnfu.ini Has been deleted!

Attempting to delete C:\windows\system32\mljjhih.dll
C:\windows\system32\mljjhih.dll Has been deleted!

Attempting to delete C:\windows\system32\nmuhynmr.dll
C:\windows\system32\nmuhynmr.dll Has been deleted!

Attempting to delete C:\windows\system32\rmnyhumn.ini
C:\windows\system32\rmnyhumn.ini Has been deleted!

Attempting to delete C:\windows\system32\rmnyhumn.ini2
C:\windows\system32\rmnyhumn.ini2 Has been deleted!

Attempting to delete C:\windows\system32\rmnyhumn.tmp
C:\windows\system32\rmnyhumn.tmp Has been deleted!

Attempting to delete C:\windows\system32\ufnltlxi.dll
C:\windows\system32\ufnltlxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.tmp
C:\WINDOWS\system32\ycbeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:08:48 AM 8/12/2007

Listing files found while scanning....

C:\windows\system32\ddcdccd.dll

Beginning removal...

Attempting to delete C:\windows\system32\ddcdccd.dll
C:\windows\system32\ddcdccd.dll Has been deleted!

Performing Repairs to the registry.
Done!

-------------------------------------------

ComboFix 07-08-09.3 - "HP_Owner" 2007-08-12 11:19:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\HP_Owner\APPLIC~1\..\err.log
C:\DOCUME~1\HP_Owner\APPLIC~1\..\ResErrors.log
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\HP_Owner\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat
C:\DOCUME~1\HP_Owner\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\HP_Owner\STARTM~1\Programs.\Outerinfo\ Terms.lnk
C:\DOCUME~1\HP_Owner\STARTM~1\Programs.\Outerinfo\ Uninstall.lnk
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Java\hoke4444.dll
C:\Program Files\Java\hoke83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\Real\profsywuy.html
C:\Program Files\svhost
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#inter nal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\154504 cb4c284a87020dbcb8\a1d0d276c19a446d243823a7\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\346bfc962369407be84b49a7\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#inter nal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\544fbe4c54c046225fa5fabf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#inter nal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\ac4241bf87d44b9842d6e7b8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#inter nal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e1ad47a3e1df4165dc91c78d\559baa c0cf2241cb1ccdb4ba\b186e6d482274fd2c0722c9c\#name
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\UWA7P
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstalle r.exe
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\A1\kmhp83122.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\ecurit~1\s?oolsv.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\uyj.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\wr.txt
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 11:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 11:03 <DIR> d-------- C:\VundoFix Backups
2007-08-12 11:01 <DIR> d-------- C:\HJT
2007-08-11 19:52 75,328 --a------ C:\WINDOWS\system32\jahtmmsf.exe
2007-08-11 19:49 75,328 --a------ C:\WINDOWS\system32\vcwtoagr.exe
2007-08-10 23:07 75,328 --a------ C:\WINDOWS\system32\rurvrvha.exe
2007-08-10 22:07 75,328 --a------ C:\WINDOWS\system32\tvknsgip.exe
2007-08-10 21:41 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-10 21:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-10 19:06 75,328 --a------ C:\WINDOWS\system32\jkcppicf.exe
2007-08-10 19:03 75,328 --a------ C:\WINDOWS\system32\eqnhdxxq.exe
2007-08-10 17:59 75,328 --a------ C:\WINDOWS\system32\dmpahayi.exe
2007-08-10 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 17:36 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Talkback
2007-08-10 16:56 75,328 --a------ C:\WINDOWS\system32\khkwdweh.exe
2007-08-10 16:53 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-10 16:53 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-08-10 16:53 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-08-10 16:53 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-08-10 16:53 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-08-10 16:53 <DIR> d-------- C:\Program Files\Webroot
2007-08-10 16:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-08-10 16:53 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Webroot
2007-08-10 16:52 75,328 --a------ C:\WINDOWS\system32\wxnnxlib.exe
2007-08-10 16:52 164 --a------ C:\install.dat
2007-08-10 16:51 75,328 --a------ C:\WINDOWS\system32\josytfdr.exe
2007-08-10 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-10 16:14 75,328 --a------ C:\WINDOWS\system32\vwusjqau.exe
2007-08-09 20:52 75,328 --a------ C:\WINDOWS\system32\rkturvra.exe
2007-08-08 19:07 75,328 --a------ C:\WINDOWS\system32\glcpoowc.exe
2007-08-08 07:04 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-08 07:04 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-12 11:23 --------- d-------- C:\Program Files\Real
2007-08-10 22:13 --------- d-------- C:\Program Files\Easy Internet signup
2007-07-31 14:55 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-07-26 08:24 16368 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-07-18 20:51 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-10 16:17 --------- d-------- C:\Program Files\Common Files\DirectX
2007-07-02 10:01 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Snapfish
2007-06-24 08:05 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-06-24 08:05 --------- d-------- C:\Program Files\Viewpoint
2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A9665B3-06F2-4697-8B04-23B7F7EE2855}]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AF7726F-0DDF-43BA-A79A-3E9F1195C313}]
C:\Program Files\Real\lavuja.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2002-01-01 06:29]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 20:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 13:01 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 14:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 14:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 15:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 06:52]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" []
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwat cher.exe" [2004-10-14 17:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 16:34]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [2004-03-24 03:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-15 18:44]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 19:57 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 19:53 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-04-12 02:10 C:\WINDOWS\ALCMTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-17 16:05]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"{00-02-2A-AA-ZN}"="C:\windows\system32\ljdsregm.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-10 19:28]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Enq"="C:\WINDOWS\system32\?ecurity\s?oolsv.ex e" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 23:50:52]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2004-06-23 20:23:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Real\profsywuy.html
FriendlyName=

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
R3 WinDriver6;Alohabob USB Bridge Cable Driver;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smse rial.sys


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-08-11 01:27:50 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
2007-08-10 20:53:40 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 11:25:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\C6F2FEA33D1FDC74FBB33A721FAFEB85\Usage]
"PSSpecific"=dword:370c0fba
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\MSSYCLM]
"Start"=dword:fbebfe7b

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-12 11:28:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 11:28

--- E O F ---

----------------------------------
Uninstall LOG from hijackthis

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Alohabob PC Relocator Ultra Control
AVG 7.5
Barnyard
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Canon ScanGear Toolbox CS 2.2
CC_ccProxyExt
ccCommon
ccPxyCore
Crystal Maze from Hewlett-Packard Desktops (remove only)
Danny Phantom Ghost Frenzy (remove only)
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
MGI PhotoSuite 8.06 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Mozilla Firefox (2.0.0.6)
MSRedist
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 3.5 magicMoments - HPD
Nicktoons Basketball
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
OmniPage Pro 9.0
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photo Finale
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Rhapsody
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
Sonic Express Labeler
Sonic RecordNow!
SPBBC
SpongeBob SquarePants - Battle for Bikini Bottom
SpongeBob SquarePants - The Movie
SpongeBob SquarePants Employee of the Month
SpongeBob SquarePants® Operation Krabby Patty
Spy Sweeper
Spybot - Search & Destroy 1.4
Super Granny from Hewlett-Packard Desktops (remove only)
Super SpongeBob Collapse!
Symantec Script Blocking Installer
SymNet
The Sims Complete Collection
Tradewinds from Hewlett-Packard Desktops (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Updates from HP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:36 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\mw_scan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A9665B3-06F2-4697-8B04-23B7F7EE2855} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: 0 - {5AF7726F-0DDF-43BA-A79A-3E9F1195C313} - C:\Program Files\Real\lavuja.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{00-02-2A-AA-ZN}] "C:\windows\system32\ljdsregm.exe" SKY009
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Enq] C:\WINDOWS\system32\?ecurity\s?oolsv.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Real\profsywuy.html

--
End of file - 14454 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 13-08-2007, 04:54 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Spyware Help Needed popups with IE
You will need to be REBOOTING a number of times in the fix procedures. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.


If you are running two (2) real-time antivirus tools you will need to uninstall one of them (Norton or AVG). The will conflict with each other and/or cause system instabilities.



Your system has an outdated version(s) of Sun Java that could create serious security exposure issues for your PC.

Update your Java.

Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.

Download the latest version of Java Runtime Environment (JRE) 6.0 Update 2 or higher, and install it to your computer.


New Version should show as (HijackThis log):

C:\Program Files\Java\jre1.6.0_02\… or higher



REBOOT.



SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O2 - BHO: (no name) - {5A9665B3-06F2-4697-8B04-23B7F7EE2855} - C:\WINDOWS\system32\gebcy.dll (file missing)

O4 - HKLM\..\Run: [ALCMTR] ALCMTR.EXE
O4 - HKLM\..\Run: [{00-02-2A-AA-ZN}] "C:\windows\system32\ljdsregm.exe" SKY009
O4 - HKCU\..\Run: [ENQ] C:\WINDOWS\system32\?ecurity\s?oolsv.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Delete TEMPORARY FILES: Now, use CCleaner to hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

Run CCleaner.

FIRST-TIME USE:
Select the ”Options” BUTTON option (top LEFT), ”Advanced” BUTTON, and then UNCHECK the ”Only delete files in Windows Temp Folders older than 48 hours”. Set back to default afterwards.

Select the ”Cleaner” BUTTON option (top LEFT), if not already selected. Use the ”Windows” TAB up front by default.
  • Uncheck ”Cookies” option (advisable)
  • Optionally, Uncheck ”Recently Typed URLs” option (potentially still useful)
  • Click the ”Analyse” button.
  • Thereafter, click ”Run Cleaner” after you have reviewed what it proposes to clean.

***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:

C:\WINDOWS\ALCMTR.EXE

2007-08-11 19:52 75,328 --a------ C:\WINDOWS\system32\jahtmmsf.exe
2007-08-11 19:49 75,328 --a------ C:\WINDOWS\system32\vcwtoagr.exe
2007-08-10 23:07 75,328 --a------ C:\WINDOWS\system32\rurvrvha.exe
2007-08-10 22:07 75,328 --a------ C:\WINDOWS\system32\tvknsgip.exe
2007-08-10 19:06 75,328 --a------ C:\WINDOWS\system32\jkcppicf.exe
2007-08-10 19:03 75,328 --a------ C:\WINDOWS\system32\eqnhdxxq.exe
2007-08-10 17:59 75,328 --a------ C:\WINDOWS\system32\dmpahayi.exe
2007-08-10 16:56 75,328 --a------ C:\WINDOWS\system32\khkwdweh.exe
2007-08-10 16:52 75,328 --a------ C:\WINDOWS\system32\wxnnxlib.exe
2007-08-10 16:51 75,328 --a------ C:\WINDOWS\system32\josytfdr.exe
2007-08-10 16:14 75,328 --a------ C:\WINDOWS\system32\vwusjqau.exe
2007-08-09 20:52 75,328 --a------ C:\WINDOWS\system32\rkturvra.exe
2007-08-08 19:07 75,328 --a------ C:\WINDOWS\system32\glcpoowc.exe




POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 13-08-2007, 11:45 PM
Newbie
D-A-L Newbie
  
Join Date: May 2006
Posts: 12
jradams76 Is a beginner here at D-A-L
Re: Spyware Help Needed popups with IE
Things seem to be running a lot faster!!! System is more responsive now. Here is the hijackthis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:52 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\ImageZoneSynchRulesAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\mw_scan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {5AF7726F-0DDF-43BA-A79A-3E9F1195C313} - C:\Program Files\Real\lavuja.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Real\profsywuy.html

--
End of file - 10754 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 15-08-2007, 12:44 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Spyware Help Needed popups with IE
WE need to fix one item in HijackThis (related file item removed in ComboFix). Plus there are a lot of not particular useful entries (have it thier way) that you should consider removing.


SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O24 - Desktop Component 0: (no name) - C:\Program Files\Real\profsywuy.html


[Optional Fixes]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=3c00&LC=0409 (file missing)

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 17-08-2007, 12:23 AM
Newbie
D-A-L Newbie
  
Join Date: May 2006
Posts: 12
jradams76 Is a beginner here at D-A-L
Re: Spyware Help Needed popups with IE
Thank You I have ran hijackthis again and removed those entries here is what th e log looks like now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:15 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\mw_scan.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {5AF7726F-0DDF-43BA-A79A-3E9F1195C313} - C:\Program Files\Real\lavuja.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Real\profsywuy.html

--
End of file - 7608 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
desktop changed and popups for spyware BossBT Spyware, Adware, Viruses and HijackThis Logs 1 03-06-2008 05:45 AM
Annoying Malware/Spyware/Whatever they're called popups (RESOLVED) dv8shun Spyware, Adware, Viruses and HijackThis Logs 3 23-06-2006 04:42 PM
spyware Quake - popups wbpalacios Spyware, Adware, Viruses and HijackThis Logs 3 01-04-2006 03:11 AM
Spyware popups hijackthis log-topher21(RESOLVED) topher21 Spyware, Adware, Viruses and HijackThis Logs 17 19-12-2005 08:50 PM
Microsoft Anti-Spyware=IE Spyware! Tyler Desktop / Server Applications 8 25-01-2005 04:47 PM


All times are GMT +1. The time now is 10:16 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav