Another HJT file I'd be grateful for you to peruse


mlg5454

Thread Starter
Joined
Dec 9, 2005
Messages
43
Logfile of HijackThis v1.99.1
Scan saved at 6:54:31 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1135372308\ee\aim6.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpp - ssqpp.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You have no anti-virus protection.
Get AVG (it's free): http://free.grisoft.com/doc/1
Install it and run a scan.

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

mlg5454

Thread Starter
Joined
Dec 9, 2005
Messages
43
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:41:44 PM, 12/26/2005
+ Report-Checksum: 350DA4CC

+ Scan result:

:mozilla.7:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.50:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.92:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.93:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.99:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.100:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.101:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.107:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.108:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.109:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.110:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.111:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.116:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.117:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.129:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.130:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.131:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.132:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.144:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.145:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.147:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.148:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.149:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.155:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.156:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.182:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.183:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.184:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.185:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.186:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.187:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.188:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.204:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.212:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.218:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.219:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.220:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.221:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.225:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.241:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.242:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.243:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.244:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.262:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.268:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bh5ixs1y.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup


::Report End
 

mlg5454

Thread Starter
Joined
Dec 9, 2005
Messages
43
Logfile of HijackThis v1.99.1
Scan saved at 6:54:31 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1135372308\ee\aim6.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpp - ssqpp.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Don't forget to install AVG, you need anti-virus protection.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O20 - Winlogon Notify: ssqpp - ssqpp.dll (file missing)


Boot into Safe Mode.

Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

mlg5454

Thread Starter
Joined
Dec 9, 2005
Messages
43
Logfile of HijackThis v1.99.1
Scan saved at 12:27:43 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135372308\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
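
An added example, not part of either poster's messages: one way to check a follow-up HijackThis scan against the entries that were marked for "Fix Checked", by diffing the two logs. The function names are hypothetical, the excerpts are constructed from entries in the two logs above, and each entry is assumed to sit on a single unwrapped line.

```python
import re

# HijackThis entry lines begin with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            entries.add((m.group(1), m.group(2)))
    return entries

def compare_logs(before, after, fix_list):
    """Compare two scans against the entries the helper asked to have fixed."""
    old, new, targets = (parse_entries(t) for t in (before, after, fix_list))
    return {
        "fixed": sorted(targets - new),               # requested and now gone
        "still_present": sorted(targets & new),       # requested but survived the fix
        "also_removed": sorted(old - new - targets),  # gone without being requested
        "new": sorted(new - old),                     # appeared since the first scan
    }

# Constructed excerpts: a few entries copied from the two logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpp - ssqpp.dll (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""
FIX_LIST = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: ssqpp - ssqpp.dll (file missing)
"""

if __name__ == "__main__":
    for bucket, items in compare_logs(BEFORE, AFTER, FIX_LIST).items():
        print(bucket)
        for code, detail in items:
            print("   ", code, "-", detail)
```

Entries in the "also_removed" and "new" buckets are the ones worth reading by hand, since they changed without being on the fix list.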
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
 