Posts posted by garmanma
-
-
I'm at home on my computer, but I can tell you what it's doing. When I open I.E. with Ewido running, I'll get an alert about Virtumonde. No matter if I click on ignore or quarantine, it will pop right back up. The only way to close the window is to turn off Ewido. Then when I turn off Ewido, the pop-ups start coming. They're for Winantivirus, a spyware scanner, and sometimes a registry cleaner. I don't even have to have I.E. opened. With my browser closed, I click to open "my documents" and I'll get pop-ups.
I might also add the last HJT, Ewido, and Panda scans WERE NOT run in Safe Mode. I was in a hurry and forgot.
Thanks
Mark
I just got a call from my old boss. I have a favor to do for him tomorrow, I don't know if I'll make it to my daughter's or not on Thurs. Funny, I can fix PC-controlled machines and circuit boards all day long but I can't get rid of this garbage.
-
Updated July 5
Logfile of HijackThis v1.99.1
Scan saved at 11:54:15 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrea\My Documents\hijack this\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119754399165
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Whenever I open Ewido I get an alert for Adware Virtumonde location
C:\WINDOWS\system32\sstqr.dll
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:58:58 PM 7/5/2006
+ Scan result:
C:\WINDOWS\system32\sstqr.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Wade\Cookies\wade@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Wade\Cookies\wade@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
::Report end
I searched everywhere for uninstall_list.txt, but it is nowhere to be found. Whenever I click on "save report as" HJT closes. I wrote the list to Notepad. Thank goodness my daughter can type well.
adaware se personal
adelphia high-speed internet
adobe download mgr 2.0 remove only
adobe reader 7.05
aol instant messenger
astonia 3
avg free edition
battle.net
best buy rhapsody
call of duty r2
desktop calendar 0.42b
diablo
empire earth
ewido antispyware 4.0
hijack this 199.1
itunes
j2se runtime environment 5.0 update 4
lucas arts balance of power
lucas arts x-wing vs tie fighter
macromedia flash player 8
msn messenger 7.0
openoffice.org 2.0
panda activescan
quicktime
rollercoaster tycoon 3
security update for windows xp kb883939
kb890046
kb893066
kb893756
kb896358
kb896422
kb896423
kb896424
kb896428
kb896688
kb899587
kb899588
kb899589
kb899591
kb900725
kb901017
kb901214
kb902400
kb903235
kb904706
kb905414
kb905749
kb908519
kb911562
kb911567
kb911927
kb912812
kb912919
kb913446
kb913580
kb914389
kb916281
kb917344
kb917753
kb918439
snood for windows version 3.52-w
spybot - search & destroy 1.4
spyware blaster v3.5.1
spywareguard v2.2
star wars galactic battlegrounds: saga
the sims 2
the sims 2 family fun stuff
the sims 2 nightlife
the sims 2 open for business
the sims 2 university
update for windows xp kb894391
kb896727
kb898461
kb900485
kb908531
kb910437
viewpoint manager remove only
viewpoint media player
windows genuine advantage v1.3.0251.0
windows installer 3.1 kb893803
windows media format runtime
windows xp hotfix kb873333
kb873339
kb885250
kb885835
kb885836
kb886185
kb887472
kb887742
kb888113
kb888302
kb890175
kb890859
kb891781
kb893086
yahoo! anti-spy
yahoo! extras
yahoo! install manager
yahoo! internet mail
yahoo! messenger
yahoo! messenger explorer bar
yahoo! toolbar for internet explorer
zonealarm
Active scan report
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrea\Cookies\andrea@atdmt[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Andrea\Cookies\andrea@trafficmp[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Wade\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wade\Cookies\wade@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Wade\Cookies\wade@burstnet[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Wade\Cookies\wade@ccbill[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Wade\Cookies\[email protected][1].txt
-
Here you go:
Incident Status Location
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Wade\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wade\Cookies\wade@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Wade\Cookies\wade@burstnet[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Wade\Cookies\wade@ccbill[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Wade\Cookies\[email protected][1].txt
I opened Hijack This > misc. tools > open uninstall manager, but when I click on "save list" it just closes the app. I've searched the hard drive for "uninstall_list.text" but nothing shows up. ???
Mark
It was just brought to my attention that I used "text" instead of "txt" in my search. I'll look again for it on Wed.
-
Hi garmanma,
You say you've disabled Messenger, but did you disable Alerter in Services, which is a part of Messenger? That is where all the popups come from, not from the actual Messenger. Microsoft used Alerter to alert users on different innovations, but someone exploited it and found a way to send popups to the users. Try disabling Alerter and see if that helps. Though, someone suggested HijackThis; investigate that as well.
marty
-
Here you go. This is my daughter's machine, I'm not sure if I'll be back on it until Monday.
Thanks
Mark
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:16:14 PM 6/30/2006
+ Scan result:
C:\WINDOWS\system32\sstqr.dll -> Adware.Virtumonde : No action taken.
HKU\S-1-5-21-823518204-1292428093-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : No action taken.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\2Z6B6PYB\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Wade\Cookies\wade@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Wade\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Wade\Cookies\wade@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Andrea\Cookies\andrea@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 5:25:52 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Andrea\My Documents\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119754399165
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
I updated and ran all the virus and spyware programs. I'm still getting an obnoxious Win Antivirus pop-up. My daughter also told me that a window came up wanting to install a BHO helper and she couldn't get rid of it. Any help would be helpful.
Thanks
Mark
Logfile of HijackThis v1.99.1
Scan saved at 9:57:45 AM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrea\My Documents\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119754399165
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Yes, please post a HJT log in the Malware Removal forum, and an analyst will be around to assist you.
Should I post a Hijack This log?
-
I'm working on my daughter's computer that has XP Pro on it. It has Spyware Guard, Spyware Blaster, AVG, Zone Alarm installed and updated. She also uses the Yahoo toolbar. M$ Messenger is turned off. I've done a few different online virus scans, and ran both Adaware and Spybot S&D. While I've gotten rid of most of the pop-ups, I still have one that continues to show up. I'd appreciate any help to get rid of this. Could it be something in the registry? Should I post a Hijack This log?
Thanks
Mark
-
Thanks. I finally waded through M$'s site and halfa** figured it out. I'll give it a try tomorrow.
Mark
-
My daughter finally got broadband and I was over installing some utilities and I noticed she has no administrative account, just 2 users. My son-in-law installed AVG and Zone Alarm on his account and they're both active on his account and not hers. How do I go about correcting this? Do I do a repair install with XP, create an admin account and then reinstall the utilities, or is there a better way? If I do that, will their preferences they already have, programs, bookmarks and whatever, have to be redone? Also, is there an easy way to export bookmarks from one account to another? I've never had to mess with this before.
Thanks
Mark
-
Thanks for an extra choice, Rema7. I'll probably go with Audacity for now. Like Honda Boy says, "It's easier to use for the less technology inclined people", meaning me. Perhaps when I get the hang of it I'll move on to something else. I like the other Sourceforge programs I've tried. Their FAQs and forums seem to help a lot.
Mark
-
I recently started doing the same thing. Someone else on these forums recommended Audacity. Works great
I agree Audacity is a great program
Sceeter32
Thank you, I'll give it a try
Mark
-
I'm sorry if this is the wrong forum, I wasn't sure where to post. I finally have the time and I would like to convert all my old LPs to CDs. I got the turntable and amplifier, and the y-cable to go to my soundcard. I'm at a loss as to what software I need. Can anyone recommend an easy to use program that does everything I need? It doesn't have to be freeware, I'll gladly purchase the right program.
Thank you
Mark
-
I've caught Winfixer a few times. Adaware won't catch it but Spybot will. It shows up on your machine then wants you to buy their program to get rid of spyware
Mark
-
I've never had any problems with Zone Alarm. Some people don't like it.
Mark
-
I found it. That seemed much harder than it should have been.
http://www-307.ibm.com/pc/support/site.wss...hEntry=2651-562
Everything about IBM's site is harder than it should be. You'll definitely tone up your site navigation skills.
Mark
-
I know on my old Thinkpad, even though I had enough memory, I still had to flash the BIOS for XP
Mark
-
I'm surprised her company lets her log on to their system without an antivirus program. In the malware section of the forums, in the "pinned" threads, there's some good tips for protection. Most programs are free
Mark
-
It's already updated to 10. Replying to Deafgirl, WMP is embedded in XP. You can't reinstall just WMP. I installed Real Player and that works. I'm just wondering what happened.
Thanks
Mark
This tells how to remove it:
http://www.microsoft.com/windows/windowsme...er/faq.aspx#2_3
The M.$. page I was on said you can remove its controls but the program itself is embedded in XP. No big deal, I'm starting to like Real Player anyways.
Mark
-
I'm glad you're OK and everything is also the same.
Always keep a six pack of ice cold beers around. When shaken, they make good fire extinguishers (learned from experience). But always save one for afterwards. That's when it'll taste the best!!!
An extra 2 to hold in each hand to help the burning sensation. Then after they warm up a little you'll have an extra 2 to drink
Mark
-
By chance, did she recently install a pop-up blocker or firewall? Also, is she using the Remote Desktop connection or something else?
Mark
-
It's already updated to 10. Replying to Deafgirl, WMP is embedded in XP. You can't reinstall just WMP. I installed Real Player and that works. I'm just wondering what happened.
Thanks
Mark
-
I don't know if this happened because I installed Firefox or not. WMP has been working all week. All of a sudden I cannot play music CDs or streaming audio. When I click on a streaming link, the WMP installer opens up wanting to install WMP. I already have it. Any ideas? Running XP with Firefox and Thunderbird. I've done all the updates for it.
Thanks
Mark
-
I just tried it. If you're trying to get real close to the monitor, it could be a few things. You probably have to use manual settings, not auto. You might need to use the macro setting. Remember the screen isn't one solid, steady picture, but a bunch of rapidly pulsing pixels. You might need to prolong exposure and also use a small tripod.
Just my 2 cents
Mark
Hijack Log Bho Helper And Winantivirus[RESOLVED]
in Malware Removal