gamefreaks420 Posted January 12, 2006 Report Share Posted January 12, 2006 (edited) okay i ran panda scan and all my other scans and i have done a complete system restore, in the panda scan it picked to things up but wouldnt allow me to remove them here is my new log. any help will be greatly appreciatedLogfile of HijackThis v1.99.1Scan saved at 10:57:51 AM, on 1/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exec:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\EZ-DUB\EZ-DUB.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\InterMute\SpySubtract\SpySub.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\ALCXMNTR.EXEc:\windows\system\hpsysdrv.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\system32\wbem\wmiprvse.exec:\program files\common files\aol\1137233307\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\1137233307\ee\aolsoftware.exeC:\Program Files\ewido anti-malware\ewidoguard.exeC:\Program Files\BillP Studios\WinPatrol\WinPatrol.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exec:\program files\common files\aol\1137233307\ee\aolssc.exeC:\Program Files\America Online 9.0\waol.exec:\program files\common files\aol\1137233307\ee\aexplore.exeC:\Program Files\America Online 9.0\shellmon.exeC:\hjl\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.htmlO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [iS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exeO4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /runO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137233307\ee\AOLSoftware.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137233307\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exeO4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137233307\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exeO4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exeO4 - HKLM\..\RunOnce: [AOL Deskbar Installation] regsvr32 /s "C:\Program Files\AOL Deskbar\deskbar.dll"O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -oO4 - HKLM\..\RunOnce: [Run IPH] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exeO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hideO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -bO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exeO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Edited January 14, 2006 by gamefreaks420 Link to post Share on other sites
Dan Posted January 12, 2006 Report Share Posted January 12, 2006 (edited) Hi,Please take a look at this post here: http://www.besttechie.net/forums/index.php?showtopic=5672Post me a HJT log please Sorry, Just saw it!I'm getting a responce ready Edited January 12, 2006 by Danny Link to post Share on other sites
Dan Posted January 12, 2006 Report Share Posted January 12, 2006 Hi,Do you know what this program is? EZ-DUB.exe?Now, Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan reportDanny Link to post Share on other sites
gamefreaks420 Posted January 14, 2006 Author Report Share Posted January 14, 2006 (edited) i updated my log with a new one i have scanned with every scan i have and panda virus scan online.ez dub goes to my dvd burner Edited January 14, 2006 by gamefreaks420 Link to post Share on other sites
Dan Posted January 19, 2006 Report Share Posted January 19, 2006 Uh..Can you post a new HJT log as a reply as well as the ActiveScan report.Danny Link to post Share on other sites
gamefreaks420 Posted January 28, 2006 Author Report Share Posted January 28, 2006 okay i run all of my scans and panda online scan.any help is greatly appreciated here is my panda scan log Incident Status Location Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@belnk[1].txt Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[2].txt Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tucows[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@belnk[1].txt Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[2].txt Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tucows[2].txt Potentially unwanted tool:Application/KillApp.B here is my hijacklogLogfile of HijackThis v1.99.1Scan saved at 12:33:02 PM, on 1/28/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exeC:\Program Files\Common Files\AOL\1137233307\ee\AOLSoftware.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1137233307\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Common Files\AOL\1137233307\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\mcafee.com\antivirus\oasclnt.exeC:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\America Online 9.0\waol.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\EZ-DUB\EZ-DUB.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\ePrompter\ePrompter.exeC:\Program Files\America Online 9.0\shellmon.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\ALCXMNTR.EXEc:\windows\system\hpsysdrv.exeC:\Program Files\InterMute\SpySubtract\SpySub.exec:\program files\common files\aol\1137233307\ee\aolssc.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\hjl\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dllO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /runO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137233307\ee\AOLSoftware.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137233307\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exeO4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137233307\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exeO4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exeO4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exeO4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hideO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -bO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exeO4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exeO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137233307\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to post Share on other sites
Dan Posted January 28, 2006 Report Share Posted January 28, 2006 Hi,Download and install CleanUp!NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click "Options..."Move the arrow down to "Custom CleanUp!"Put a check next to the following (Make sure nothing else is checked!):Empty Recycle BinsDelete CookiesDelete Prefetch files (if present)Cleanup! All UsersClick OKPress the CleanUp! button to start the program.It may ask you to log-off/reboot at the end, if it does please do so.Please tell me how your computer is doing.Danny Link to post Share on other sites
gamefreaks420 Posted January 28, 2006 Author Report Share Posted January 28, 2006 thanks danny, my computer runing smooth Link to post Share on other sites
Dan Posted January 28, 2006 Report Share Posted January 28, 2006 Ok,We have a couple of last steps to perform and then you're all set.First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.Next, let's clean your restore points and set a new one:Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous re1. Turn off System Restore.On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.Check Turn off System Restore.Click Apply, and then click OK.2. Restart your computer.3. Turn ON System Restore.On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.UN-Check Turn off System Restore.Click Apply, and then click OK.System Restore will now be active again.store points which are likely to be infected)Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:SpywareBlaster to help prevent spyware from installing in the first place.SpywareGuard to catch and block spyware before it can execute.IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.You should also have a good firewall. Here are 3 free ones available for personal use:Sygate Personal FirewallKerio Personal FirewallZoneAlarmand a good antivirus (these are also free for personal use):AVG Anti-VirusAvast Home EditionIt is critical to have both a firewall and anti virus to protect your system and to keep them updated.To keep your operating system up to date visitMicrosoft Windows Updatemonthly. And to keep your system clean run these free malware scannersAdAware SE PersonalSpybot Search & Destroyweekly, and be aware of what emails you open and websites you visit.To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?Have a safe and happy computing day!Danny Link to post Share on other sites
gamefreaks420 Posted February 16, 2006 Author Report Share Posted February 16, 2006 thanks danny i just got done doing what you said to do, thanks allot Link to post Share on other sites
Matt Posted February 22, 2006 Report Share Posted February 22, 2006 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts