Solved: c:progra~\soproc.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

MzzzShay

Thread Starter
Joined
Jun 26, 2004
Messages
66
Hello,

I am wondering if someone will help me out. When my computer boots up I get a message that windows cannot find file(then the title). I have found out that it is spyware but when I do a search on comp it doesn't find anything. Please help. Also when I shut down the computer I get about 3 messages to end some processes but they go away before I can write down what the names are. Here is my HJT log. Thanks :)

Logfile of HijackThis v1.99.1
Scan saved at 3:17:48 AM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Uwzdao\Xcoyhpx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ornu\nslo.exe
C:\WINDOWS\system32\F?nts\msiexec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {56B2D0C7-6373-39F2-2094-6F833CD99BCD} - C:\WINDOWS\system32\nam.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {56B2D0C7-6373-39F2-2094-6F833CD99BCD} - C:\WINDOWS\system32\nam.dll
O2 - BHO: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GsAyeQ] C:\WINDOWS\xcaiexiy.exe
O4 - HKLM\..\Run: [Mnvhnq] C:\Program Files\Uwzdao\Xcoyhpx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Á³# *L"h'þ9Ӝð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mldsm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertAjWx1Nn] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertAjWx1Nn
O4 - HKCU\..\Run: [Srro] "C:\Program Files\ornu\nslo.exe" -vt mtx
O4 - HKCU\..\Run: [Lcn] C:\WINDOWS\system32\F?nts\msiexec.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.iwin.com/global/premium/sony/bewitched/main.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Sep 7, 2004
Messages
49,014
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

MzzzShay

Thread Starter
Joined
Jun 26, 2004
Messages
66
Here are my results:
Also I did copy those programs when I shut down computer. They are ccApp and ShellconhiddenWindow.
********
11:29 AM: | Start of Session, Monday, January 16, 2006 |
11:29 AM: Spy Sweeper started
11:29 AM: Sweep initiated using definitions version 601
11:29 AM: Starting Memory Sweep
11:29 AM: Found Adware: purityscan
11:29 AM: Detected running threat: C:\WINDOWS\system32\nam.dll (ID = 230)
11:33 AM: Detected running threat: C:\Program Files\ornu\nslo.exe (ID = 230)
11:35 AM: Memory Sweep Complete, Elapsed Time: 00:05:12
11:35 AM: Starting Registry Sweep
11:35 AM: Found Adware: altnet
11:35 AM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
11:35 AM: Found Adware: exact cashback/bargain buddy
11:35 AM: HKLM\software\classes\webinstaller.cexecute\ (5 subtraces) (ID = 105376)
11:35 AM: HKCR\webinstaller.cexecute\ (5 subtraces) (ID = 105385)
11:35 AM: Found Adware: cws-aboutblank
11:35 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
11:35 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
11:35 AM: Found Adware: internetoptimizer
11:35 AM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885)
11:35 AM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896)
11:35 AM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
11:35 AM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
11:35 AM: Found Adware: moneytree
11:35 AM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185)
11:35 AM: HKCR\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137348)
11:35 AM: HKCR\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137349)
11:35 AM: HKLM\software\classes\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137678)
11:35 AM: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137679)
11:35 AM: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\typelib\ (2 subtraces) (ID = 137680)
11:35 AM: HKLM\software\classes\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 137687)
11:35 AM: HKCR\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 139091)
11:35 AM: Found Adware: shopathomeselect
11:35 AM: HKLM\software\classes\webinstaller.cexecute.1\ (3 subtraces) (ID = 141687)
11:35 AM: HKCR\webinstaller.cexecute.1\ (3 subtraces) (ID = 141739)
11:35 AM: Found Adware: ist sidefind
11:35 AM: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141765)
11:35 AM: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141766)
11:35 AM: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141772)
11:35 AM: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141773)
11:35 AM: Found Adware: topsearch
11:35 AM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
11:35 AM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
11:35 AM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
11:35 AM: Found Trojan Horse: trojan-downloader-updateagent
11:35 AM: HKLM\software\winsysupdate\ (3 subtraces) (ID = 144817)
11:35 AM: Found Adware: websearch toolbar
11:35 AM: HKLM\software\microsoft\windows\currentversion\installer\userdata\sto\ (1 subtraces) (ID = 146480)
11:35 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
11:35 AM: Found Adware: websearch.com hijacker
11:35 AM: HKLM\software\microsoft\internet explorer\main\ || searchassistant (ID = 146565)
11:35 AM: Found Trojan Horse: p2pnetwork
11:35 AM: HKLM\software\microsoft\ole\ || p2pnetwork (ID = 359377)
11:35 AM: Found Adware: rx toolbar
11:35 AM: HKCR\rxresult.rxresultfilter\ (3 subtraces) (ID = 729537)
11:35 AM: HKCR\rxresult.rxresultfilter\clsid\ (1 subtraces) (ID = 729539)
11:35 AM: HKCR\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729541)
11:35 AM: HKCR\rxresult.rxresultfilter.1\clsid\ (1 subtraces) (ID = 729543)
11:35 AM: HKCR\rxresult.rxresulttracker\ (3 subtraces) (ID = 729545)
11:35 AM: HKCR\rxresult.rxresulttracker\clsid\ (1 subtraces) (ID = 729547)
11:35 AM: HKCR\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729549)
11:35 AM: HKCR\rxresult.rxresulttracker.1\clsid\ (1 subtraces) (ID = 729551)
11:35 AM: HKCR\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729553)
11:35 AM: HKCR\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 subtraces) (ID = 729564)
11:35 AM: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729573)
11:35 AM: HKLM\software\classes\rxresult.rxresultfilter\ (3 subtraces) (ID = 729616)
11:35 AM: HKLM\software\classes\rxresult.rxresultfilter\clsid\ (1 subtraces) (ID = 729618)
11:35 AM: HKLM\software\classes\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729620)
11:35 AM: HKLM\software\classes\rxresult.rxresultfilter.1\clsid\ (1 subtraces) (ID = 729622)
11:35 AM: HKLM\software\classes\rxresult.rxresulttracker\ (3 subtraces) (ID = 729624)
11:35 AM: HKLM\software\classes\rxresult.rxresulttracker\clsid\ (1 subtraces) (ID = 729626)
11:35 AM: HKLM\software\classes\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729628)
11:35 AM: HKLM\software\classes\rxresult.rxresulttracker.1\clsid\ (1 subtraces) (ID = 729630)
11:35 AM: HKLM\software\classes\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729632)
11:35 AM: HKLM\software\classes\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 subtraces) (ID = 729643)
11:35 AM: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729652)
11:35 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (ID = 729662)
11:36 AM: Found Adware: directrevenue-abetterinternet
11:36 AM: HKU\WRSS_Profile_S-1-5-21-1350422157-1636378532-649730168-500\software\aurora\ (18 subtraces) (ID = 360174)
11:36 AM: Found Adware: ist software
11:36 AM: HKU\S-1-5-21-1350422157-1636378532-649730168-1009\software\ist\ (2 subtraces) (ID = 129108)
11:36 AM: HKU\S-1-5-21-1350422157-1636378532-649730168-1009\system\currentcontrolset\control\lsa\ || p2pnetwork (ID = 359373)
11:36 AM: HKU\S-1-5-21-1350422157-1636378532-649730168-1009\software\microsoft\ole\ || p2pnetwork (ID = 359374)
11:36 AM: HKU\S-1-5-21-1350422157-1636378532-649730168-1009\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
11:36 AM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
11:36 AM: Registry Sweep Complete, Elapsed Time:00:01:02
11:36 AM: Starting Cookie Sweep
11:36 AM: Found Spy Cookie: 2o7.net cookie
11:36 AM: [email protected][1].txt (ID = 1957)
11:36 AM: Found Spy Cookie: yieldmanager cookie
11:36 AM: [email protected][1].txt (ID = 3751)
11:36 AM: Found Spy Cookie: adknowledge cookie
11:36 AM: [email protected][1].txt (ID = 2072)
11:36 AM: Found Spy Cookie: addynamix cookie
11:36 AM: [email protected][2].txt (ID = 2062)
11:36 AM: Found Spy Cookie: pointroll cookie
11:36 AM: [email protected][2].txt (ID = 3148)
11:36 AM: Found Spy Cookie: advertising cookie
11:36 AM: [email protected][1].txt (ID = 2175)
11:36 AM: Found Spy Cookie: atlas dmt cookie
11:36 AM: [email protected][2].txt (ID = 2253)
11:36 AM: Found Spy Cookie: bravenet cookie
11:36 AM: [email protected][2].txt (ID = 2322)
11:36 AM: Found Spy Cookie: burstnet cookie
11:36 AM: [email protected][2].txt (ID = 2336)
11:36 AM: Found Spy Cookie: fastclick cookie
11:36 AM: [email protected][2].txt (ID = 2651)
11:36 AM: [email protected][2].txt (ID = 2652)
11:36 AM: Found Spy Cookie: nextag cookie
11:36 AM: [email protected][2].txt (ID = 5014)
11:36 AM: Found Spy Cookie: questionmarket cookie
11:36 AM: [email protected][1].txt (ID = 3217)
11:36 AM: Found Spy Cookie: realmedia cookie
11:36 AM: [email protected][1].txt (ID = 3235)
11:36 AM: Found Spy Cookie: revenue.net cookie
11:36 AM: [email protected][1].txt (ID = 3257)
11:36 AM: Found Spy Cookie: statcounter cookie
11:36 AM: [email protected][1].txt (ID = 3447)
11:36 AM: Found Spy Cookie: webtrendslive cookie
11:36 AM: [email protected][1].txt (ID = 3667)
11:36 AM: Found Spy Cookie: trafficmp cookie
11:36 AM: [email protected][1].txt (ID = 3581)
11:36 AM: Found Spy Cookie: tripod cookie
11:36 AM: [email protected][1].txt (ID = 3591)
11:36 AM: Found Spy Cookie: burstbeacon cookie
11:36 AM: [email protected][2].txt (ID = 2335)
11:36 AM: Found Spy Cookie: adserver cookie
11:36 AM: [email protected][1].txt (ID = 2142)
11:36 AM: Found Spy Cookie: zedo cookie
11:36 AM: [email protected][2].txt (ID = 3762)
11:36 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:36 AM: Starting File Sweep
11:36 AM: Found Adware: bullguard popup ad
11:36 AM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
11:37 AM: Found Adware: 180search assistant/zango
11:37 AM: a0034160.dll (ID = 70439)
11:38 AM: Found Adware: winad
11:38 AM: a0034150.exe (ID = 90399)
11:39 AM: Found Adware: begin2search
11:39 AM: greenmovie2313asaadsasfad.ico (ID = 51033)
11:39 AM: mp3red51aads1.ico (ID = 51044)
11:40 AM: Found Adware: ist surf accuracy
11:40 AM: a0034151.exe (ID = 180326)
11:42 AM: a0034152.exe (ID = 180136)
11:43 AM: __unin__.exe (ID = 49793)
11:43 AM: Found Adware: ist istbar
11:43 AM: a0034156.exe (ID = 64496)
11:43 AM: Found Adware: instafinder
11:43 AM: a0039661.exe (ID = 63654)
11:43 AM: a0039680.exe (ID = 49793)
11:46 AM: a0039681.exe (ID = 49803)
11:47 AM: asmfiles.cab (ID = 49805)
11:56 AM: a0034141.exe (ID = 87779)
12:00 PM: a0039658.dll (ID = 49877)
12:03 PM: bulldownload.exe (ID = 52017)
12:03 PM: a0039675.exe (ID = 111765)
12:03 PM: a0038933.dll (ID = 214023)
12:05 PM: a0034142.dll (ID = 87276)
12:05 PM: a0034163.exe (ID = 64666)
12:08 PM: Found Adware: exact software
12:08 PM: a0034158.exe (ID = 50591)
12:10 PM: Warning: Invalid file - not a PKZip file
12:10 PM: Warning: Unhandled Archive Type
12:10 PM: Warning: Invalid file - not a PKZip file
12:11 PM: Warning: Unhandled Archive Type
12:11 PM: Warning: Unhandled Archive Type
12:11 PM: Warning: Unhandled Archive Type
12:11 PM: Warning: Unhandled Archive Type
12:11 PM: Warning: Unhandled Archive Type
12:11 PM: Warning: Invalid Stream
12:13 PM: File Sweep Complete, Elapsed Time: 00:36:53
12:13 PM: Full Sweep has completed. Elapsed time 00:43:22
12:13 PM: Traces Found: 416
12:15 PM: Removal process initiated
12:15 PM: Quarantining All Traces: 180search assistant/zango
12:15 PM: Quarantining All Traces: cws-aboutblank
12:15 PM: Quarantining All Traces: directrevenue-abetterinternet
12:15 PM: Quarantining All Traces: ist istbar
12:15 PM: Quarantining All Traces: purityscan
12:16 PM: Quarantining All Traces: websearch toolbar
12:16 PM: Quarantining All Traces: begin2search
12:16 PM: Quarantining All Traces: internetoptimizer
12:16 PM: Quarantining All Traces: p2pnetwork
12:16 PM: Quarantining All Traces: trojan-downloader-updateagent
12:16 PM: Quarantining All Traces: winad
12:16 PM: Quarantining All Traces: altnet
12:16 PM: Quarantining All Traces: bullguard popup ad
12:16 PM: Quarantining All Traces: exact cashback/bargain buddy
12:16 PM: Quarantining All Traces: exact software
12:16 PM: Quarantining All Traces: instafinder
12:16 PM: Quarantining All Traces: ist sidefind
12:16 PM: Quarantining All Traces: ist software
12:16 PM: Quarantining All Traces: ist surf accuracy
12:16 PM: Quarantining All Traces: moneytree
12:16 PM: Quarantining All Traces: rx toolbar
12:16 PM: Quarantining All Traces: shopathomeselect
12:16 PM: Quarantining All Traces: topsearch
12:16 PM: Quarantining All Traces: websearch.com hijacker
12:16 PM: Quarantining All Traces: 2o7.net cookie
12:16 PM: Quarantining All Traces: addynamix cookie
12:16 PM: Quarantining All Traces: adknowledge cookie
12:16 PM: Quarantining All Traces: adserver cookie
12:16 PM: Quarantining All Traces: advertising cookie
12:16 PM: Quarantining All Traces: atlas dmt cookie
12:16 PM: Quarantining All Traces: bravenet cookie
12:16 PM: Quarantining All Traces: burstbeacon cookie
12:16 PM: Quarantining All Traces: burstnet cookie
12:16 PM: Quarantining All Traces: fastclick cookie
12:16 PM: Quarantining All Traces: nextag cookie
12:16 PM: Quarantining All Traces: pointroll cookie
12:16 PM: Quarantining All Traces: questionmarket cookie
12:16 PM: Quarantining All Traces: realmedia cookie
12:16 PM: Quarantining All Traces: revenue.net cookie
12:16 PM: Quarantining All Traces: statcounter cookie
12:16 PM: Quarantining All Traces: trafficmp cookie
12:16 PM: Quarantining All Traces: tripod cookie
12:16 PM: Quarantining All Traces: webtrendslive cookie
12:16 PM: Quarantining All Traces: yieldmanager cookie
12:16 PM: Quarantining All Traces: zedo cookie
12:17 PM: Preparing to restart your computer. Please wait...
12:17 PM: Removal process completed. Elapsed time 00:01:47
********
11:25 AM: | Start of Session, Monday, January 16, 2006 |
11:25 AM: Spy Sweeper started
11:27 AM: Your spyware definitions have been updated.
11:29 AM: | End of Session, Monday, January 16, 2006 |

Logfile of HijackThis v1.99.1
Scan saved at 12:33:30 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Uwzdao\Xcoyhpx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\F?nts\msiexec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {56B2D0C7-6373-39F2-2094-6F833CD99BCD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GsAyeQ] C:\WINDOWS\xcaiexiy.exe
O4 - HKLM\..\Run: [Mnvhnq] C:\Program Files\Uwzdao\Xcoyhpx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Á³# *L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mldsm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertAjWx1Nn] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertAjWx1Nn
O4 - HKCU\..\Run: [Srro] "C:\Program Files\ornu\nslo.exe" -vt mtx
O4 - HKCU\..\Run: [Lcn] C:\WINDOWS\system32\F?nts\msiexec.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.iwin.com/global/premium/sony/bewitched/main.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs – remove Viewpoint

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {56B2D0C7-6373-39F2-2094-6F833CD99BCD} - (no file)

O2 - BHO: (no name) - {56E8DF58-6FED-3C66-BE66-652366CDC79D} - C:\WINDOWS\system32\vrpm.dll (file missing)

O4 - HKLM\..\Run: [GsAyeQ] C:\WINDOWS\xcaiexiy.exe

O4 - HKLM\..\Run: [Mnvhnq] C:\Program Files\Uwzdao\Xcoyhpx.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Á ³#
*L"h'þ9Ӝð3rÅ WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mldsm.exe

O4 - HKCU\..\Run: [SOProc_RegSoAlertAjWx1Nn] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertAjWx1Nn

O4 - HKCU\..\Run: [Srro] "C:\Program Files\ornu\nslo.exe" -vt mtx

O4 - HKCU\..\Run: [Lcn] C:\WINDOWS\system32\F?nts\msiexec.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\xcaiexiy.exe
C:\Program Files\Uwzdao
C:\Program Files\Viewpoint
C:\Program Files\ISTsvc
C:\PROGRA~1\SOFTWA~1
C:\Program Files\ornu
C:\WINDOWS\system32\F?nts

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

MzzzShay

Thread Starter
Joined
Jun 26, 2004
Messages
66
Upon startup, I didn't get the windows cannot find c:progra~\soproc.exe :)
I haven't shut down yet so not sure about the ccApp or the shellconhiddenWindow. I will report this upon next start up. Here is my new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 4:23:45 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.iwin.com/global/premium/sony/bewitched/main.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

MzzzShay

Thread Starter
Joined
Jun 26, 2004
Messages
66
Thank you so much dear!!! I really appreciate your help. For now I think all is well. If not I'll be back...:)
 
Joined
Sep 7, 2004
Messages
49,014
MzzzShay said:
Thank you so much dear!!! I really appreciate your help. For now I think all is well. If not I'll be back...:)
Welcome! We'll be here!:)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top