
Solved: DL'd Possible Virus Please Help

Discussion in 'Virus & Other Malware Removal' started by bootch42, Feb 6, 2007.

Thread Status:
Not open for further replies.
  1. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    Hello, I really appreciate any help. This is my problem.
    I know better than to run an unknown program so I don't know what I was thinking. I dl'd a program that I needed using a p2p:
    (autocad 2006 full version_english + keygen 100% w0rking.exe)
    , when I got it I ran scans with Housecall, Norton's, McAfee online scan, and Symantec online scan. I got no bad scans.
    I continued to run the program; when I did so a command prompt screen opened for a brief second and closed and that was it. I knew that was a bad sign. When I checked the activity log I noticed that there was an intrusion prevention at the time I ran the program. This log listed an intrusion from inside trying to get out. It kept trying to get out every few seconds from 6:35 pm until 8:00 pm.
    There are no obvious signs of any problem from the possible virus, my PC runs fine.
    I run all the scans I know of and can't find anything. I also cannot delete the file I dl'd; it gives me an error that another program is using this file and the program must be stopped before the file can be deleted.
    I know it was stupid but if anybody can help I would really appreciate it.
    Thanks,
    Bruce
     
  2. Crusnik

    Crusnik

    Joined:
    Feb 1, 2007
    Messages:
    310
    Have you tried booting into safe mode as administrator and deleting it from there?

    And why ya trying to pirate autocad =p?
     
  3. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    No not yet. Is that going to delete any problems that the virus might have caused and I don't know about?
     
  4. Crusnik

    Crusnik

    Joined:
    Feb 1, 2007
    Messages:
    310
    That dos window was probably part of an installer.
     
  5. timothye

    timothye

    Joined:
    Nov 19, 2004
    Messages:
    743
    Restart your machine,
    then see if the files are still in use. If the files are not in use,
    delete it.
    To delete the file(s), right-click the file and select Delete.
    Cheers
     
  6. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    Sorry, but I did try rebooting; it didn't help. Any other ideas would be appreciated. Especially if you could tell me if there might be a possible hidden virus or trojan on my PC. I have scanned w/ every scan I know of.
     
  7. win2kpro

    win2kpro

    Joined:
    Jul 19, 2005
    Messages:
    11,670
    Click on the red triangle in the upper right hand corner of the dialogue box and ask a moderator to move you over to security.

    With your problem I believe you will get better results in the security section.
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi bootch42

    Welcome to TSG! :)

    I have moved your thread to the Security forum.

    I hope you have learned your lesson about using p2p apps. It just isn't worth it.

    Please do the following:

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    * Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
     
  9. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    Thanks so much for the help.
    Here is my scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:46 PM, on 2/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84784958-474F-469E-9E53-A444D7AB5B6F}: NameServer = 205.152.37.23,205.152.144.23
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  10. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    Forgot this list:


    µTorrent
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Ahead InCD
    Ahead Nero Burning ROM
    Ahead NeroMIX
    Ahead NeroVision Express
    Alt-Tab Task Switcher Powertoy for Windows XP
    AppCore
    Ares 1.9.9
    AV
    ccCommon
    City of Villains/City of Heroes (remove only)
    Creative MediaSource
    Customer Experience Enhancement
    DFX 8 for Windows Media Player
    DISCover
    DivX
    Doom 3
    DVD Decrypter (Remove Only)
    DX-Ball 1.09
    EA SPORTS online 2005
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    EPSON Printer Software
    EPSON Scan
    EPSON Web-To-Page
    GemMaster Mystic
    Google Earth
    Google SketchUp 6
    Google SketchUp 6
    High Definition Audio Driver Package - KB888111
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB928388)
    HP Boot Optimizer
    HP DigitalMedia Archive
    HP DVD Play HD DVD 2.2
    HP Imaging Device Functions 7.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Software Update
    HP Web Helper
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™ Software
    Invision 2.0 Build 3515
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    LiveUpdate 3.1 (Symantec Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Plus! Dancer LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    mIRC
    Mozilla Firefox (2.0.0.1)
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NVIDIA Drivers
    Otto
    PC-Doctor 5 for Windows
    Picasa 2
    PL-2303 USB-to-Serial
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RealPlayer
    Retrospect 6.5
    Rhapsody
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Shareaza version 2.2.3.0
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sony Ericsson PC Suite 1.10.21
    Sound Blaster Audigy 4
    SPBBC 32bit
    SpeechRedist
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    SymNet
    Tiger Woods PGA TOUR 2005
    Unreal Tournament 2004
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Updates from HP (remove only)
    VSO CopyToDVD 3
    WildTangent Web Driver
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    WinRAR archiver
    Yahoo! Anti-Spy
    Yahoo! Toolbar for Internet Explorer

    Thanks again for the help :^)
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I don't see any malware there. You do have a little clutter there that I'll help you clean up and I'd like for you to run an online scan as well. Please do the following:

    * You can use the HijackThis Delete a file on reboot tool to delete that file you are having trouble deleting. Open Hijack This and click on the Open the Misc Tools section button. Now click on the Delete a file on reboot... button. Either type or browse to the file you are trying to delete.

    You will be asked if you want to restart. Click Yes.

    * Go to Add/Remove programs and uninstall this old version of Java:

    J2SE Runtime Environment 5.0 Update 6


    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O15 - Trusted Zone: http://*.trymedia.com (HKLM)



    * Restart your computer.


    * Run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from ActiveScan
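
An added example, not part of Flrman1's post and not HijackThis's own code: a small Python triage pass over a HijackThis log such as the one posted above. It cross-checks `(file missing)` entries against the log's own Running processes list (the three Symantec O23 lines name ccSvcHst.exe, which the same log lists as running) and notes Run entries recorded without a directory. The function names, finding labels and both heuristics are assumptions for illustration; the sample is an excerpt of the log in this thread.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" or "O23"
    body: str  # remainder of the log line


# "O4 - ...", "R1 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe/.dll; stops at a stray quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)
# Registry Run entries: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

# Excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\CTHELPER.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_log(text):
    """Return (set of lower-cased running process paths, list of Entry)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append(Entry(m.group(1), m.group(2)))
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Return (code, label, detail) tuples for entries worth a manual look.

    Labels (assumed names, heuristics only, not verdicts):
      missing-but-running  flagged "(file missing)" although the same path is
                           in the process list, so the flag reflects how the
                           command line was recorded, not an absent binary
      file-missing         flagged "(file missing)" with no running match
      no-directory         Run entry whose program has no directory, so it is
                           resolved through the search path at logon
    """
    processes, entries = parse_log(text)
    findings = []
    for e in entries:
        if e.body.endswith("(file missing)"):
            m = PATH_RE.search(e.body)
            if m and m.group(0).lower() in processes:
                findings.append((e.code, "missing-but-running", m.group(0)))
            else:
                findings.append((e.code, "file-missing", e.body))
        elif e.code == "O4":
            m = RUN_RE.match(e.body)
            if m:
                program = m.group(2).lstrip('"').split()[0]
                if "\\" not in program:
                    findings.append((e.code, "no-directory", m.group(2)))
    return findings


if __name__ == "__main__":
    for code, label, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {label:20} {detail}")
```
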
     
  12. bootch42

    bootch42 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    23
    This is what Panda found.
    I had to split it into three posts:


    Incident Status Location

    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.com.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/hc/86992609]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/hc/86992609]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[www.myaffiliateprogram.com/]
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.target.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.go.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Virus:Generic Trojan Disinfected C:\Program Files\mIRC\Invision\Stdio.dll
    Spyware:Cookie/Com.com Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.com.com/]
    Spyware:Cookie/NewMedia Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.anm.co.uk/]
    Spyware:Cookie/Falkag Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Atwola Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Serving-sys Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/BurstNet Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/360i Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.ct.360i.com/]
    Spyware:Cookie/Go Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.go.com/]
    Spyware:Cookie/RealMedia Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Serving-sys Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Target Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.target.com/]
    Spyware:Cookie/Toplist Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/YieldManager Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[server.iad.liveperson.net/hc/60166198]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[server.iad.liveperson.net/hc/87263826]
    Spyware:Cookie/onestat.com Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/BurstBeacon Not disinfected K:\New Backup\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8vbzczaq.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/2o7 Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Apmebf Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Go Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7 Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Searchportal Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected K:\New Backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Adware:Adware/Gmter Not disinfected K:\New Backup\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A419B7FF\popup[1].htm
     
  13. bootch42

    bootch42 Thread Starter

    Adware:Adware/Gmter Not disinfected K:\New Backup\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A419B7FF\popup[2].htm
    Spyware:Cookie/Com.com Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.com.com/]
    Spyware:Cookie/Statcounter Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/YieldManager Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Zedo Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Falkag Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Adrevolver Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/BurstNet Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/BurstBeacon Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/RealMedia Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Casalemedia Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Go Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.go.com/]
    Spyware:Cookie/Searchportal Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/2o7 Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hbmediapro Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/PointRoll Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Maxserving Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Overture Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/WUpd Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Tribalfusion Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Yadro Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Bridgetrack Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[citi.bridgetrack.com/]
    Spyware:Cookie/Humanclick Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[hc2.humanclick.com/]
    Spyware:Cookie/Humanclick Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[hc2.humanclick.com/hc/11199995]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/hc/6844036]
    Spyware:Cookie/2o7 Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/QuestionMarket Not disinfected K:\New Backup\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Toplist Not disinfected K:\New Backup\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/HideWindow.A Not disinfected K:\New Backup\hp\bin\FondleWindow.exe
    Potentially unwanted tool:Application/KillApp.B Not disinfected K:\New Backup\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/KillApp.A Not disinfected K:\New Backup\hp\bin\Terminator.exe
    Virus:Generic Trojan Disinfected K:\New Backup\Program Files\mIRC\Invision\Stdio.dll
    Spyware:Cookie/2o7 Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1A9.tmp
    Spyware:Cookie/YieldManager Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1AA.tmp
    Spyware:Cookie/BurstNet Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1AD.tmp
    Spyware:Cookie/Com.com Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1AE.tmp
    Spyware:Cookie/QuestionMarket Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B1.tmp
    Spyware:Cookie/RealMedia Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B2.tmp
    Spyware:Cookie/Serving-sys Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3.tmp
    Spyware:Cookie/Statcounter Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B4.tmp
    Spyware:Cookie/Tribalfusion Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B6.tmp
    Spyware:Cookie/Zedo Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppq1B7.tmp
    Spyware:Cookie/Belnk Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppqC9.tmp
    Spyware:Cookie/Belnk Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppqCA.tmp
    Spyware:Cookie/PointRoll Not disinfected K:\New Backup\Program Files\Yahoo!\YPSR\Quarantine\ppqCB.tmp
    Spyware:Cookie/Hbmediapro Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl111.txt
    Spyware:Cookie/NewMedia Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl135.txt
    Spyware:Cookie/Atwola Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl140.txt
    Spyware:Cookie/Belnk Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl144.txt
    Spyware:Cookie/BurstNet Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl155.txt
    Spyware:Cookie/Enhance Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl158.txt
    Spyware:Cookie/Cassava Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl164.txt
    Spyware:Cookie/Cd Freaks Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl167.txt
    Spyware:Cookie/Cgi-bin Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl169.txt
    Spyware:Cookie/Com.com Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl189.txt
    Spyware:Cookie/360i Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl200.txt
    Spyware:Cookie/did-it Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl207.txt
    Spyware:Cookie/Belnk Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl208.txt
    Spyware:Cookie/ErrorSafe Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl220.txt
    Spyware:Cookie/FortuneCity Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl232.txt
    Spyware:Cookie/Go Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl240.txt
    Spyware:Cookie/DomainSponsor Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl285.txt
    Spyware:Cookie/OfferOptimizer Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl339.txt
    Spyware:Cookie/AspinallsOnlineCasino Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl346.txt
    Spyware:Cookie/RealMedia Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl362.txt
    Spyware:Cookie/onestat.com Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl407.txt
    Spyware:Cookie/Statcounter Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl408.txt
    Spyware:Cookie/Reliablestats Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl409.txt
    Spyware:Cookie/WebPower Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl454.txt
    Spyware:Cookie/BurstBeacon Not disinfected K:\RECYCLER\S-1-5-21-3237420586-398547159-1791670613-1008\Dl486.txt
    Spyware:Cookie/2o7 Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
     
  14. bootch42

    bootch42 Thread Starter

    Spyware:Cookie/YieldManager Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Hbmediapro Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    Spyware:Cookie/PointRoll Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Advertising Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Apmebf Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstNet Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    Spyware:Cookie/Casalemedia Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Cd Freaks Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/CentrPort Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Bridgetrack Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Com.com Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Sextracker Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/360i Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/did-it Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/FortuneCity Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Go Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Hitbox Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Mediaplex Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/2o7 Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Overture Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/QkSrv Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Searchportal Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Serving-sys Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/onestat.com Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Mammamediasolutions Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Tradedoubler Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/Valueclick Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/WebPower Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Adserver Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected K:\Retrospect Backup\Backup of HP_PAVILION (C)\Documents and Settings\Administrator\Cookies\[email protected][1].txt
     
  15. bootch42

    bootch42 Thread Starter

    Here is the HJT scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:25:15 PM, on 2/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{84784958-474F-469E-9E53-A444D7AB5B6F}: NameServer = 205.152.37.23,205.152.144.23
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Thank you so much for the help. The advice earlier did remove that file that wouldn't leave. Thanks again :D
     

Short URL to this thread: https://techguy.org/541736
