Solved: Hard drive deteriorating virus


Icehawk78 (Thread Starter), joined Dec 30, 2005, 18 messages
Was running computer and transferring files between an older computer and my current one via my iPod. Run a quick scan with Webroot SpySweeper just to check, since older computer did not have spyware or antivirus on it. Both Norton Antivirus and Trend Micro PC-Cillin pop up with issues about midway through the scan. I shut off network activity, and after looking through the processes and not finding anything that looks suspect, I restart in safe mode. Run Norton Antivirus scan, which comes up with nothing. (Definitions were updated today). Restart in normal mode, same issues start coming up all on their own.

Norton gives me this:
High Risk; Norton AntiVirus has detected a virus on your computer;
Object name: C:\WINDOWS\TEMP\tmpBD.tmp (the digits between tmp and the extension seemed to just continually grow as hex values.)
Virus name: Trojan.Logger or Keylogger.Trojan
Action taken: Access to the file was denied; Unable to repair this file.

PC-Cillin also gave me a message, but I forgot to write it down. As suspected, the free space on my hard drive has been continually shrinking.

Computer info: AMD Athlon 64 3000+ Processor; 512 MB DDR 2100 Ram

The following is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:51 PM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\G001-1.0.25.0\GNOTIFY.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NICHOL~1.LAU\LOCALS~1\Temp\Rar$EX02.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Saint Apollo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.50:8080
O1 - Hosts: 62.212.84.38 download.empornium.us
O1 - Hosts: 62.212.84.38 tracker.empornium.us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Wireless Keyboard] C:\Program Files\Microsoft IntelliType Pro\type32.exe
O4 - HKLM\..\Run: [TouchPad Drivers] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://ispe.sdc.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmljaG9sYXMgTGF1eA\command.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Icehawk78 (Thread Starter), joined Dec 30, 2005, 18 messages
Update:

Looked at some other posts, downloaded and ran Ewido as many others were told to do (in safe mode).

Afterwards, restarted and ran HijackThis again. Both logs are posted. Any help is greatly appreciated.

HijackThis first:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:39 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\G001-1.0.25.0\GNOTIFY.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Saint Apollo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.50:8080
O1 - Hosts: 62.212.84.38 download.empornium.us
O1 - Hosts: 62.212.84.38 tracker.empornium.us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Wireless Keyboard] C:\Program Files\Microsoft IntelliType Pro\type32.exe
O4 - HKLM\..\Run: [TouchPad Drivers] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://ispe.sdc.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmljaG9sYXMgTGF1eA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Ewido report is too large to be posted or attached.
 
Joined Sep 7, 2004, 49,014 messages
Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
==========
Download http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows, unzip the file, click on the cwshredder.exe then click "Fix"


Download About:Buster from:
http://www.majorgeeks.com/download4289.html
Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.


The Ewido log no doubt had a ton of cookies – can you remove a chunk of those so that I can see what is in the Ewido log?

Fix these with HJT – mark them, close IE, click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmljaG9sYXMgTGF1eA\command.exe (file missing)
==================

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Command Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.



Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\TmljaG9sYXMgTGF1eA

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
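Added example, not code from HijackThis, ewido or the helper above: a small Python triage script that applies the same reasoning the reply uses to pick entries for fixing (R0/R1 pages forced to about:blank, O1 hosts-file overrides, an O23 service whose binary is missing or whose vendor is unknown), run over a constructed excerpt in the format of the logs posted. The sample lines, the `looks_like_base64_text` heuristic and the severity labels are assumptions made here; the heuristic exists because the cmdService path's directory name in the log is valid base64 that decodes to plain text, which is rare for a legitimate Windows folder name.

```python
"""Triage a HijackThis 1.99-style log for hijack and service-remnant patterns.
Added example; heuristics and sample lines are constructed, not HijackThis code."""
import base64
import re

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
B64_RE = re.compile(r"[A-Za-z0-9+/]+")

# Constructed excerpt in the same line format as the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.50:8080
O1 - Hosts: 62.212.84.38 download.empornium.us
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmljaG9sYXMgTGF1eA\command.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""


def looks_like_base64_text(component: str) -> bool:
    """Heuristic (assumption): a path component that is valid base64 and decodes
    to printable ASCII. Ordinary folder names such as 'system32' fail the
    printable check; a base64-encoded string such as the one in the log passes."""
    core = component.rstrip("=")
    if len(core) < 8 or not B64_RE.fullmatch(core):
        return False
    padded = core + "=" * (-len(core) % 4)
    try:
        decoded = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(decoded) > 0 and all(32 <= b < 127 for b in decoded)


def triage(log_text: str) -> list[dict]:
    """Return one finding per log line that matches a hijack or remnant pattern."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        severity, reason = None, None
        if kind in ("R0", "R1"):
            if body.endswith("= about:blank"):
                severity, reason = "high", "IE start/search page blanked, typical hijacker residue"
            elif ",ProxyServer = " in body:
                severity, reason = "review", "explicit proxy set; confirm it is one you configured"
        elif kind == "O1":
            severity, reason = "high", "hosts-file override pins a hostname to a fixed IP"
        elif kind == "O23":
            # The executable path is the last ' - ' separated field.
            path = body.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
            b64_dir = any(looks_like_base64_text(c) for c in path.split("\\"))
            if "(file missing)" in body:
                severity, reason = "high", "service registered but its binary is missing"
            elif "Unknown owner" in body:
                severity, reason = "review", "service has no vendor string; verify the binary"
            if b64_dir:
                severity = "high"
                reason = (reason + "; " if reason else "") + "path contains a base64-encoded directory name"
        if severity:
            findings.append({"severity": severity, "kind": kind, "reason": reason, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:4} {f['reason']}\n         {f['line']}")
```

Run against a full log, the script lists the same entries the reply marks for fixing as "high" and leaves vendor-signed services alone; "review" items (the proxy and the StyleXP service) are things to confirm rather than delete, which is the same distinction the helper draws by fixing the cmdService line but not the other unknown-owner service.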
 

Icehawk78 (Thread Starter), joined Dec 30, 2005, 18 messages
After scrolling through, the Ewido log appears to be nothing but Cookies. Incidentally, I have noticed that after running Ewido in safe mode and catching everything, the actual issue that I first noticed (the virus/malware) has stopped showing up. Any ideas on what it could have been? It showed up after scanning the iPod's memory (not running or autorunning anything or for that matter, even transferring anything from the iPod to the PC) for spyware, and after removing 13,513 cookies, it disappeared. If nothing else, I'm curious to know what it was so I know how to stop it if it comes back and so I know whether or not I can safely reconnect my iPod to my laptop again without emptying the contents of the transferred files.

In addition, I've been looking around to see what the best Spyware, Antivirus, and/or Firewalls there are out there. My current subscriptions are about to expire, so if there are any that aren't free but are better as overall scanners, I'd appreciate suggestions.

Here's a sampling from the log; I tried my best to make sure I didn't delete anything that didn't have hundreds or thousands of duplicates. Another HJT log will be posted after I do the safe mode stuff.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:57:34 AM, 12/31/2005
+ Report-Checksum: 424D9C21

+ Scan result:

:mozilla.23:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies-1.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.912:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Nicholas A. Laux\Application Data\Mozilla\Firefox\Profiles\l7sg4itf.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Nicholas A. Laux\Local Settings\Temp\Cookies\nicholas a. [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nicholas A. Laux\Local Settings\Temp\Cookies\nicholas a. [email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Com : Cleaned with backup
-> : Error during cleaning
:mozilla.30:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.47:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.66:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.73:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.74:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.75:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.78:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.79:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.80:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.108:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.110:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.111:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.112:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.115:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.118:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.120:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.121:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.123:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.176:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.191:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.192:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
-> : Error during cleaning
:mozilla.199:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.213:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.214:C:\RECYCLER\NPROTECT\00012619.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.129:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.132:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
-> : Error during cleaning
:mozilla.134:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.135:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.136:C:\RECYCLER\NPROTECT\00013020.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.225:C:\RECYCLER\NPROTECT\00013021.MOZ -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.226:C:\RECYCLER\NPROTECT\00013021.MOZ -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.227:C:\RECYCLER\NPROTECT\00013021.MOZ -> Spyware.Cookie.Hitslink : Cleaned with backup
-> : Error during cleaning
:mozilla.234:C:\RECYCLER\NPROTECT\00013021.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.235:C:\RECYCLER\NPROTECT\00013021.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.504:C:\RECYCLER\NPROTECT\00014617.MOZ -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.505:C:\RECYCLER\NPROTECT\00014617.MOZ -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.509:C:\RECYCLER\NPROTECT\00014617.MOZ -> Spyware.Cookie.Coremetrics : Cleaned with backup
-> : Error during cleaning
:mozilla.526:C:\RECYCLER\NPROTECT\00014617.MOZ -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.532:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.538:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.561:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.564:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.575:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.576:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.596:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.597:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.621:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.622:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.623:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.630:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.631:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.644:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.650:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.651:C:\RECYCLER\NPROTECT\00015299.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup


::Report End
 
Joined
Sep 7, 2004
Messages
49,014
Have you done #3 - you need to post a new log

Without seeing the entire log I can say

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

Empty the recycle bin
 

Icehawk78

Thread Starter
Joined
Dec 30, 2005
Messages
18
Going in order, CWShredder found nothing, and HJT only found three of the things listed (including the command.exe)

Rebooted into safe mode, got the command.exe directory deleted. HJT log posted as well:

Logfile of HijackThis v1.99.1
Scan saved at 3:05:03 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\G001-1.0.25.0\GNOTIFY.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Saint Apollo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.50:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Wireless Keyboard] C:\Program Files\Microsoft IntelliType Pro\type32.exe
O4 - HKLM\..\Run: [TouchPad Drivers] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://ispe.sdc.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Thanks for all the help! Stuff seems to be working fairly well now, though I'm not sure if all the lost space has been recovered yet or not. If this is a known virus or something, any suggestions on where to check for the lost space are appreciated.
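The HijackThis log posted above is a flat list of browser settings (R1), BHOs (O2), autostart entries (O4), Winlogon hooks (O20) and services (O23), and the reviewer's job is to pick out the few lines that need a closer look. As an added example (not from this thread and not HijackThis's own logic), here is a small Python triage script run over lines copied from that log plus one constructed O4 line. The rules it applies (service with no publisher string, a configured browser proxy, a Winlogon Notify DLL, an autostart that runs from a Temp directory) are common review heuristics chosen for this example, and the file name in the constructed line is a placeholder, not an indicator from the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread).

Each HJT line starts with a section code (R1, O2, O4, O20, O23, ...), then " - ",
then a section-specific body. The parser keeps that coarse structure and applies a
few review heuristics so that a long log can be reduced to the entries worth checking.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Saint Apollo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.2.50:8080
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
# Constructed line (NOT from the thread; placeholder file name) so the Temp-path rule fires.
SAMPLE_LOG += "O4 - HKCU\\..\\Run: [tmpupdate] C:\\WINDOWS\\TEMP\\example_dropper.exe\n"

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    reasons: list = field(default_factory=list)  # filled in by triage()


def parse_hjt(text):
    """Return one Entry per recognisable HJT line; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def summarize(entries):
    """Count entries per section code, e.g. {"O23": 4, "O4": 3, ...}."""
    counts = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def triage(entries):
    """Apply review heuristics (assumptions of this example) and return the flagged entries."""
    flagged = []
    for e in entries:
        if e.code == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m.group("owner") == "Unknown owner":
                e.reasons.append("service has no publisher string; verify the binary's vendor and signature")
        elif e.code == "R1" and "ProxyServer" in e.body:
            e.reasons.append("browser proxy is configured; confirm it is expected, since it relays web traffic")
        elif e.code == "O4":
            m = RUN_RE.match(e.body)
            cmd = m.group("cmd") if m else e.body
            if TEMP_RE.search(cmd):
                e.reasons.append("autostart entry runs from a Temp directory")
        elif e.code == "O20":
            e.reasons.append("Winlogon Notify DLL is loaded at every logon; confirm the vendor")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for entry in triage(parsed):
        print(f"[{entry.code}] {entry.body}")
        for reason in entry.reasons:
            print("    ->", reason)
```

On the sample above the script flags the proxy line, the Winlogon Notify DLL, the three services with "Unknown owner" and the constructed Temp-path autostart; everything else (the Symantec BHO, the ccApp and ctfmon Run entries, the Apple service) passes. Flagging is only a prompt to check the file and vendor, not a verdict: two of the "Unknown owner" services here belong to legitimate software the poster installed.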
 

Icehawk78

Thread Starter
Joined
Dec 30, 2005
Messages
18
Easycleaner seems to have recovered the lost space, and the recycle bin got emptied a few steps ago, during the last safe mode step. Kaspersky didn't find anything. Everything seems to be working now, so thanks a bunch MFDnSC.
 