Solved: DL'd Possible Virus Please Help


bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Hello, I really appreciate any help. This is my problem.
I know better than to run an unknown program, so I don't know what I was thinking. I dl'd a program that I needed using a p2p:
(autocad 2006 full version_english + keygen 100% w0rking.exe)
When I got it, I ran scans with HouseCall, Norton's, McAfee online scan, and Symantec online scan. I got no bad scans.
I continued to run the program; when I did so, a command prompt screen opened for a brief second and closed, and that was it. I knew that was a bad sign. When I checked the activity log I noticed that there was an intrusion prevention at the time I ran the program. This log listed an intrusion from inside trying to get out. It kept trying to get out every few seconds from 6:35 pm until 8:00 pm.
There are no obvious signs of any problem from the possible virus; my PC runs fine.
I run all the scans I know of and can't find anything. I also cannot delete the file I dl'd; it gives me an error that another program is using this file and the program must be stopped b4 the file can be deleted.
I know it was stupid but if anybody can help I would really appreciate it.
Thanks,
Bruce
 
Joined
Feb 1, 2007
Messages
310
Have you tried booting into safe mode as administrator and deleting it from there?

And why ya trying to pirate autocad =p?
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
No not yet. Is that going to delete any problems that the virus might have caused and I don't know about?
 
Joined
Nov 19, 2004
Messages
743
Restart your machine, then see if the files are still in use. If the files are not in use, delete it.
To delete the file(s), right-click the file and select Delete.
cheers
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Sorry, but I did try rebooting; it didn't help. Any other ideas would be appreciated. Especially if you could tell me if there might be a possible hidden virus or trojan on my PC. I have scanned w/every scan I know of.
 
Joined
Jul 19, 2005
Messages
11,670
Click on the red triangle in the upper right hand corner of the dialogue box and ask a moderator to move you over to security.

With your problem I believe you will get better results in the security section.
 
Joined
Jul 26, 2002
Messages
46,331
Hi bootch42

Welcome to TSG! :)

I have moved your thread to the Security forum.

I hope you have learned your lesson about using p2p apps. It just isn't worth it.

Please do the following:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Thanks so much for the help.
Here is my scan:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:46 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84784958-474F-469E-9E53-A444D7AB5B6F}: NameServer = 205.152.37.23,205.152.144.23
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Forgot this list:


µTorrent
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Ahead InCD
Ahead Nero Burning ROM
Ahead NeroMIX
Ahead NeroVision Express
Alt-Tab Task Switcher Powertoy for Windows XP
AppCore
Ares 1.9.9
AV
ccCommon
City of Villains/City of Heroes (remove only)
Creative MediaSource
Customer Experience Enhancement
DFX 8 for Windows Media Player
DISCover
DivX
Doom 3
DVD Decrypter (Remove Only)
DX-Ball 1.09
EA SPORTS online 2005
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
GemMaster Mystic
Google Earth
Google SketchUp 6
Google SketchUp 6
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play HD DVD 2.2
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HP Web Helper
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Invision 2.0 Build 3515
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Plus! Dancer LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
Mozilla Firefox (2.0.0.1)
MSRedist
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Otto
PC-Doctor 5 for Windows
Picasa 2
PL-2303 USB-to-Serial
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Retrospect 6.5
Rhapsody
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shareaza version 2.2.3.0
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Ericsson PC Suite 1.10.21
Sound Blaster Audigy 4
SPBBC 32bit
SpeechRedist
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SymNet
Tiger Woods PGA TOUR 2005
Unreal Tournament 2004
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Updates from HP (remove only)
VSO CopyToDVD 3
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Toolbar for Internet Explorer

Thanks again for the help :^)
 
Joined
Jul 26, 2002
Messages
46,331
I don't see any malware there. You do have a little clutter there that I'll help you clean up and I'd like for you to run an online scan as well. Please do the following:

* You can use the HijackThis Delete a file on reboot tool to delete that file you are having trouble deleting. Open Hijack This and click on the Open the Misc Tools section button. Now click on the Delete a file on reboot... button. Either type or browse to the file you are trying to delete.

You will be asked if you want to restart. Click Yes.

* Go to Add/Remove programs and uninstall this old version of Java:

J2SE Runtime Environment 5.0 Update 6


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O15 - Trusted Zone: http://*.trymedia.com (HKLM)



* Restart your computer.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan
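
A first-pass triage over a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not HijackThis's own logic. The flag rules are assumptions chosen for illustration, and a flag means "look at this entry", not "malware"; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# HijackThis section codes that occur in the log posted in this thread.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "Extra IE context menu item",
    "O9": "Extra IE button or Tools menu item",
    "O11": "Extra group in IE Advanced Options",
    "O15": "Trusted Zone site",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / name server setting",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# Body of an O4 registry entry, e.g.  HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[([^\]]*)\] (.+)$")


class Entry(NamedTuple):
    code: str
    section: str
    body: str
    flags: tuple


def first_token(cmd):
    """Return the program part of a command line, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def review_flags(code, body):
    """Illustrative heuristics (assumptions): reasons to look closer."""
    flags = []
    if "(file missing)" in body:
        flags.append("target file missing")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("service binary has no company name")
    if code == "O4":
        m = RUN_RE.match(body)
        # No backslash means the program is found via the search path.
        if m and "\\" not in first_token(m.group(2)):
            flags.append("autostart command has no directory path")
    if code == "O15":
        flags.append("site added to Trusted Zone")
    if code == "O17":
        flags.append("name server set explicitly")
    return tuple(flags)


def parse_log(text):
    """Parse R*/O* entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            section = SECTIONS.get(code, "unknown section")
            entries.append(Entry(code, section, body, review_flags(code, body)))
    return entries


def needs_review(entries):
    return [e for e in entries if e.flags]


# Excerpt of the log posted in this thread (header, one process, nine entries).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{84784958-474F-469E-9E53-A444D7AB5B6F}: NameServer = 205.152.37.23,205.152.144.23
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4}{e.section}: {'; '.join(e.flags)}\n    {e.body}")
```

Entries with a full path and a vendor name pass these rules untouched, so the output is a shortlist for a human reviewer rather than a verdict.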
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
This is what Panda found.
I had to split it into three posts:


Incident Status Location

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/hc/86992609]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[server.iad.liveperson.net/hc/86992609]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.target.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.go.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1j09f3ke.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Generic Trojan Disinfected C:\Program Files\mIRC\Invision\Stdio.dll
Adware:Adware/Gmter Not disinfected K:\New Backup\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A419B7FF\popup[1].htm
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Adware:Adware/Gmter Not disinfected K:\New Backup\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A419B7FF\popup[2].htm
Potentially unwanted tool:Application/HideWindow.A Not disinfected K:\New Backup\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected K:\New Backup\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected K:\New Backup\hp\bin\Terminator.exe
Virus:Generic Trojan Disinfected K:\New Backup\Program Files\mIRC\Invision\Stdio.dll
 

bootch42

Thread Starter
Joined
Feb 6, 2007
Messages
23
Here is the HJT scan:

Logfile of HijackThis v1.99.1
Scan saved at 5:25:15 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84784958-474F-469E-9E53-A444D7AB5B6F}: NameServer = 205.152.37.23,205.152.144.23
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Thank you so much for the help. The advice earlier did remove that file that wouldn't leave. Thanks again :D
 